Analysis Overview
SHA256
a72754b9f9b0ef62bbc387750049c3235be29287f4d4871cc3ba5a5b74293ef4
Threat Level: Known bad
The file 2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
ACProtect 1.3x - 1.4x DLL software
Loads dropped DLL
UPX packed file
Writes to the Master Boot Record (MBR)
Drops file in Program Files directory
Unsigned PE
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 16:38
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 16:38
Reported
2024-06-04 16:41
Platform
win7-20240221-en
Max time kernel
141s
Max time network
123s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\JiaRong\JiaRsoft.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| File created | C:\Program Files\JiaRong\JiaRjishu.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4018F953-1BFE-441E-8A04-DC8BA1FF060E}\6.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C04A6143-7500-41EF-8062-BD89A0A92D40}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C04A6143-7500-41EF-8062-BD89A0A92D40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2564DCE8-FEDB-4EB6-B7F9-5026F7F1041E} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9364159-6AED-4f9c-8BAF-D7C7ED6160A8}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FD5DC62-DED0-4138-9C48-55F0A0FE7B66} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FD5DC62-DED0-4138-9C48-55F0A0FE7B66}\VersionIndependentProgID\ = "gregn.GRDisplayViewerProps" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{530A8E53-DFD5-4B95-A4F3-636E00D801D8}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{530A8E53-DFD5-4B95-A4F3-636E00D801D8}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{60EB191F-5E63-41E7-807F-C66EC7A8EF26}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{42F6AF5F-5FC4-4F44-9812-1FBD9224CE2C}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B753063D-AEBA-4E5E-B53A-F89B68F1F622}\ = "IGRGroupFooter" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C04A6148-7500-41EF-8062-BD89A0A92D40}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B2CC2C43-CF42-4E38-BDBB-5C04DF11793F}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72A79692-2F9E-4FEC-92CC-6B4A7375A3D6}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4AA885F-AF9C-4032-A65A-F3DFD458C289}\ = "IGRE2RTFOption" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FBA070AB-385F-4988-B7A1-CE6B72799B48} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRPrintViewer.6\ = "Grid++Report PrintViewer 6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{93CD76F7-5439-437F-8FA5-A650F2CA773C}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08513FC1-CCCE-4603-8DD1-35BA1CA8D1CD}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2F421D7-73FA-462F-9BF5-7DA3E512CA00} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81727F33-8D8C-45DC-B525-07ABDC5FB652}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4ACA069-B92C-401A-B175-354E00D538D9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{488B2328-67C0-42D1-A133-303FF60D8AE2}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B5EA181-A38D-4f42-88B2-6AF74CF6D6C0}\Control | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4018F953-1BFE-441E-8A04-DC8BA1FF060E}\6.0\0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17B23325-7316-4098-9FE3-B5A1C24DB296}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0574ABEB-B0DA-465D-9EB7-286C00F3628F}\ = "IGRPrintViewer" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9364159-6AED-4f9c-8BAF-D7C7ED6160A8}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7FC1D3A0-693F-486E-BDF3-02E98F50F9F3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5D15E31-FA9A-42BE-BE9C-8688E7D9D6A0}\ = "IGRE2HTMOption" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F623A5E8-4AE4-494E-975B-3C5404428625}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD0A6964-D013-4DB6-96C4-5B1DE0DB8F1C} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{488B2328-67C0-42D1-A133-303FF60D8AE2}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C3112650-36D2-4928-9D6C-C0A21CCC1EBA}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F00CE27D-D1E3-4EF6-9877-BF3233EBF551}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F9B62D-9E33-484A-BB3C-BD58007BDAA2}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5D15E31-FA9A-42BE-BE9C-8688E7D9D6A0}\ = "IGRE2HTMOption" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36971202-D715-4AFC-83D4-7C0DDD8872E8}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36971202-D715-4AFC-83D4-7C0DDD8872E8}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{72A79692-2F9E-4FEC-92CC-6B4A7375A3D6}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{273631DD-1CAC-49E9-92EE-584F48921A1E}\ = "IGRE2PDFOption" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{488B2328-67C0-42D1-A133-303FF60D8AE2}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{81727F33-8D8C-45DC-B525-07ABDC5FB652}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5C2FC87F-12F8-4A09-8A4A-792671C03C74}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2564DCE8-FEDB-4EB6-B7F9-5026F7F1041E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77FD1006-7067-41FF-A712-0F356A6ACE8C}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDAA7F5B-E100-49B7-93F2-6B66FC93BE55}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AACDAA8B-5EBB-4CC7-BCB9-C300FE7184A5}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE08C5A0-22B5-4664-9DAA-4BB97C2C0771}\ = "IGRUtility" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{77FD1006-7067-41FF-A712-0F356A6ACE8C} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDAA7F5B-E100-49B7-93F2-6B66FC93BE55}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B2CC2C43-CF42-4E38-BDBB-5C04DF11793F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C04A6143-7500-41EF-8062-BD89A0A92D40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28845384-ED9F-4D2E-986E-D52AC37A108F}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{530A8E53-DFD5-4B95-A4F3-636E00D801D8} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3BB506AB-425B-43B0-BC82-28A61FCCF686}\ = "IGRE2TXTOption" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CA58CB2-2AD1-4ad0-B3CC-5F5C000BBDEE}\ProgID | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCDB44D7-4E0B-4EB6-A1E2-092689E8A482}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BCB27BB-9750-4B28-9384-77801FB0D4EB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01056F48-F4AB-4D9F-BE45-614F3313717D}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5561733-9CD9-4D47-AE6B-3CB10A3D6772}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4018F953-1BFE-441E-8A04-DC8BA1FF060E}\6.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48636E6A-758E-46C0-B37A-C2A2CAC9469A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe"
Network
Files
\Program Files\JiaRong\JiaRjishu.jrs
| Hash | Value |
| --- | --- |
| MD5 | 259c1da17b442ac2f27ea1ff4625e7d3 |
| SHA1 | 54437d7ce0fc459ed603dc8709254c6971cd34e0 |
| SHA256 | 6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a |
| SHA512 | 75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796 |
memory/2032-5-0x0000000010000000-0x0000000010917000-memory.dmp
memory/2032-10-0x0000000010000000-0x0000000010917000-memory.dmp
memory/2032-11-0x0000000010000000-0x0000000010917000-memory.dmp
memory/2032-13-0x0000000010000000-0x0000000010917000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 16:38
Reported
2024-06-04 16:41
Platform
win10v2004-20240426-en
Max time kernel
141s
Max time network
140s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\JiaRong\JiaRsoft.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| File created | C:\Program Files\JiaRong\JiaRjishu.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C04A6143-7500-41EF-8062-BD89A0A92D40}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A9E920A1-C722-4A81-9FCF-4D5EBFFA21F4}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA0A5CBE-7EEC-44FD-ABFD-FC65BFED8618} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53E18537-559D-4EF2-94C3-47A1EF38100F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5561733-9CD9-4D47-AE6B-3CB10A3D6772}\ = "IGRCellBase" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60EB191F-5E63-41E7-807F-C66EC7A8EF26}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{530A8E53-DFD5-4B95-A4F3-636E00D801D8}\ = "IGRBarcode" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C2FC87F-12F8-4A09-8A4A-792671C03C74}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD0A6964-D013-4DB6-96C4-5B1DE0DB8F1C}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FBA070AB-385F-4988-B7A1-CE6B72799B48}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRDisplayViewer\ = "Grid++Report DisplayViewer 6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9EF8E78-8E3A-428C-93C5-F52E146CB6FF}\ = "IGRPen" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F9B62D-9E33-484A-BB3C-BD58007BDAA2}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C04A6143-7500-41EF-8062-BD89A0A92D40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60EB191F-5E63-41E7-807F-C66EC7A8EF26} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FE11B07-22DC-4691-85D7-0469364B4B46}\ = "IGRFreeGridColumn" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD5DC62-DED0-4138-9C48-55F0A0FE7B66}\ProgID\ = "gregn.GRDisplayViewerProps.6" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB11F828-A97B-4BC3-9B7A-9D2DDEB1C229} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08513FC1-CCCE-4603-8DD1-35BA1CA8D1CD}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD0A6964-D013-4DB6-96C4-5B1DE0DB8F1C}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B753063D-AEBA-4E5E-B53A-F89B68F1F622}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FBA070AB-385F-4988-B7A1-CE6B72799B48}\ = "IGRDisplayViewer" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GridppReport | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C56923D-4012-4D28-8283-1B294C5C2A06}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93CD76F7-5439-437F-8FA5-A650F2CA773C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRPrintViewer\CurVer\ = "gregn.GRPrintViewer.6" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C04A6148-7500-41EF-8062-BD89A0A92D40}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39A2C13A-D695-44BD-8339-A94FA64CB62B}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{07120975-B963-4F85-9B4D-0AC979FEBB5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23F65787-D22B-4CA6-BA49-D22B63CA353A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9EF8E78-8E3A-428C-93C5-F52E146CB6FF}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4FA44042-1421-46DE-9ACA-A44753FF06C6}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FBA070AB-385F-4988-B7A1-CE6B72799B48}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EBF161F0-F347-441A-9C0D-0ACA7824793B}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C3112650-36D2-4928-9D6C-C0A21CCC1EBA}\ = "IGRCrossTab" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5DABF9AD-2396-4C11-BFD7-A5EE39772954}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GridppReport\CurVer\ = "gregn.GridppReport.6" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04CEA260-DD00-4954-A81F-F0A201343CB9}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B4AF4881-7230-4AE0-8D3A-02F96F339454}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B4AF4881-7230-4AE0-8D3A-02F96F339454}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53E18537-559D-4EF2-94C3-47A1EF38100F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EBF161F0-F347-441A-9C0D-0ACA7824793B}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4708B2F-DC00-4EF6-9559-A5DD9E86047C}\ = "IGRFont" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CA0A5CBE-7EEC-44FD-ABFD-FC65BFED8618}\ = "IGRChartSeries" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF39550B-2A23-418A-ACEC-812C70EA5A62}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD5DC62-DED0-4138-9C48-55F0A0FE7B66}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB11F828-A97B-4BC3-9B7A-9D2DDEB1C229}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D40307C2-9342-4C0D-9734-A103418186FE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4AA885F-AF9C-4032-A65A-F3DFD458C289}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60EB191F-5E63-41E7-808F-C66EC7A8EF26}\TypeLib\Version = "6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4018F953-1BFE-441E-8A04-DC8BA1FF060E}\6.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07120975-B963-4F75-9B4D-0AC979FEBB5D}\ = "IGRControl" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE9AA791-4C55-4E06-A592-08D8DF88A941} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{23AF6C8A-0F15-45E3-A10D-9373BB15AC86}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08513FC1-CCCE-4603-8DD1-35BA1CA8D1CD}\ = "IGRColumnTitle" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5BCB27BB-9750-4B28-9384-77801FB0D4EB}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD5DC62-DED0-4138-9C48-55F0A0FE7B66}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F803AE1D-B578-490A-A1FE-38976AD2B625}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCDB44D7-4E0B-4EB6-A1E2-092689E8A482} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39A2C13A-D695-44BD-8339-A94FA64CB62B}\ = "IGRMemoBox" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE08C5A0-22B5-4664-9DAA-4BB97C2C0771}\ = "IGRUtility" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FBA070AB-385F-4988-B7A1-CE6B72799B48}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A246AC9-1715-40B6-A483-DE9F3E8DA43C}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDAA7F5B-E100-49B7-93F2-6B66FC93BE55}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_e16c92488d15f40f330c62469d17a54f_hacktools_icedid.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Program Files\JiaRong\JiaRjishu.jrs
| MD5 | 259c1da17b442ac2f27ea1ff4625e7d3 |
| SHA1 | 54437d7ce0fc459ed603dc8709254c6971cd34e0 |
| SHA256 | 6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a |
| SHA512 | 75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796 |
memory/1444-6-0x0000000010000000-0x0000000010917000-memory.dmp
memory/1444-12-0x0000000010000000-0x0000000010917000-memory.dmp
memory/1444-13-0x0000000010000000-0x0000000010917000-memory.dmp
memory/1444-26-0x0000000010000000-0x0000000010917000-memory.dmp