Analysis Overview
SHA256
d6889844496eecf7517d023d134d9eacfac9fe0f6a6b45373740136998fbe962
Threat Level: Known bad
The file 2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Drops file in Program Files directory
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 16:10
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 16:10
Reported
2024-06-04 16:12
Platform
win7-20240221-en
Max time kernel
143s
Max time network
123s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\JiaRong\JiaRsoft.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| File created | C:\Program Files\JiaRong\JiaRjishu.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe"
Network
Files
\Program Files\JiaRong\JiaRjishu.jrs
| MD5 | 259c1da17b442ac2f27ea1ff4625e7d3 |
| SHA1 | 54437d7ce0fc459ed603dc8709254c6971cd34e0 |
| SHA256 | 6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a |
| SHA512 | 75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796 |
memory/2220-5-0x0000000010000000-0x0000000010917000-memory.dmp
memory/2220-10-0x0000000010000000-0x0000000010917000-memory.dmp
memory/2220-11-0x0000000010000000-0x0000000010917000-memory.dmp
memory/2220-13-0x0000000010000000-0x0000000010917000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 16:10
Reported
2024-06-04 16:12
Platform
win10v2004-20240426-en
Max time kernel
141s
Max time network
95s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\JiaRong\JiaRsoft.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| File created | C:\Program Files\JiaRong\JiaRjishu.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F9B62D-9E33-484A-BB3C-BD58007BDAA2}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C04A6143-7500-41EF-8062-BD89A0A92D40}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F9B62D-9E33-484A-BB3C-BD58007BDAA2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AACDAA8B-5EBB-4CC7-BCB9-C300FE7184A5}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FE11B07-22DC-4691-85D7-0469364B4B46}\ = "IGRFreeGridColumn" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9364159-6AED-4f9c-8BAF-D7C7ED6160A8}\TypeLib\ = "{4018F953-1BFE-441e-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRDisplayViewerProps\CLSID | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{17B23325-7316-4098-9FE3-B5A1C24DB296}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5D15E31-FA9A-42BE-BE9C-8688E7D9D6A0}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRDisplayViewer.6\CLSID\ = "{1B5EA181-A38D-4f42-88B2-6AF74CF6D6C0}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48636E6A-758E-46C0-B37A-C2A2CAC9469A}\ = "IGRControls" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1C0E90D-B75A-4FFD-A542-54C9E44785A6}\TypeLib | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
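The registry rows above are the shape of a COM type-library registration: `Interface\{GUID}\TypeLib` values pointing at one library GUID, `ProxyStubClsid32` set to the OLE Automation marshaler `{00020424-0000-0000-C000-000000000046}`, and `CLSID`/ProgID pairs under `Software\Classes`. The following Python is an added triage aid, not part of the sandbox report or of the analysed sample: it parses rows in this table format, groups the writes by type library, and flags anything that does not fit that shape (a second type library, a custom proxy/stub CLSID, or a write outside `Software\Classes`). The embedded rows are a constructed subset of the report's own rows with the process column shortened; the "consistent" verdict is this example's heuristic, not a statement that the sample is benign.

```python
"""Added example: group Triage-style 'Modifies registry class' rows into the
shape of a COM type-library registration and flag writes that do not fit.
Not part of the sandbox report; the row format and verdict rules are this
example's own assumptions."""

import re
from collections import defaultdict

# OLE Automation universal marshaler (PSOAInterface). Registering a dual or
# automation-compatible interface via a type library points ProxyStubClsid32
# here; any other value means a custom proxy/stub DLL worth a closer look.
PSOAINTERFACE = "{00020424-0000-0000-C000-000000000046}"

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CLASSES_ROOT = re.compile(
    r"^\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\(?:WOW6432Node\\)?(.*)$", re.IGNORECASE)

# Constructed subset of the report's rows; process path shortened to sample.exe.
SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53E18537-559D-4EF2-94C3-47A1EF38100F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BB12AEBD-5839-4A5E-9944-65B6798381C8}\ = "IGRColumnContentCell" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRDisplayViewerProps | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD5DC62-DED0-4138-9C48-55F0A0FE7B66}\ = "GRDisplayViewerProps 6.0 Class" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6CA58CB2-2AD1-4ad0-B3CC-5F5C000BBDEE}\ProgID\ = "gregn.GRPrintViewerProps.6" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77FD1006-7067-41FF-A712-0F356A6ACE8C}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9EF8E78-8E3A-428C-93C5-F52E146CB6FF}\ = "IGRPen" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04CEA260-DD00-4954-A81F-F0A201343CB9}\TypeLib | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3BB506AB-425B-43B0-BC82-28A61FCCF686}\TypeLib\ = "{4018F953-1BFE-441E-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9364159-6AED-4f9c-8BAF-D7C7ED6160A8}\TypeLib\ = "{4018F953-1BFE-441e-8A04-DC8BA1FF060E}" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRDisplayViewer.6\CLSID\ = "{1B5EA181-A38D-4f42-88B2-6AF74CF6D6C0}" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
"""


def norm_guid(s):
    """Upper-case GUID strings so {...441e...} and {...441E...} compare equal."""
    return s.upper() if GUID_RE.fullmatch(s) else s


def parse_row(row):
    """Split one '| op | path = "value" | process | target |' row; None if not a registry row."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) < 3 or not (cells[0].startswith("Set value") or cells[0].startswith("Key")):
        return None
    op, detail, process = cells[0], cells[1], cells[2]
    path, value = detail, None
    if op.startswith("Set value"):
        path, sep, value = detail.partition(" = ")
        value = value.strip().strip('"') if sep else None
    return {"op": op, "path": path.rstrip("\\"), "value": value, "process": process}


def summarize(rows_text):
    """Group registry writes into type libraries, interfaces, classes, ProgIDs and oddities."""
    s = {
        "typelib_members": defaultdict(set),  # typelib GUID -> Interface/CLSID GUIDs bound to it
        "interface_names": {},                # interface GUID -> default-value name
        "class_names": {},                    # CLSID -> friendly class name
        "progids": set(),                     # ProgID strings seen as keys or ProgID values
        "custom_proxystub": {},               # interface GUID -> non-PSOAInterface CLSID
        "outside_classes": [],                # any path outside HKLM\Software\Classes
    }
    for line in rows_text.splitlines():
        entry = parse_row(line)
        if entry is None:
            continue
        m = CLASSES_ROOT.match(entry["path"])
        if not m:
            s["outside_classes"].append(entry["path"])
            continue
        parts = m.group(1).split("\\")
        head, sub, val = parts[0], parts[1:], entry["value"]
        if head in ("Interface", "CLSID") and sub:
            guid = norm_guid(sub[0])
            leaf = sub[1] if len(sub) > 1 else None
            if leaf == "TypeLib" and val:
                s["typelib_members"][norm_guid(val)].add(guid)
            elif leaf == "ProxyStubClsid32" and val and norm_guid(val) != PSOAINTERFACE:
                s["custom_proxystub"][guid] = norm_guid(val)
            elif leaf is None and val:
                (s["interface_names"] if head == "Interface" else s["class_names"])[guid] = val
            elif leaf == "ProgID" and val:
                s["progids"].add(val)
        elif head != "TypeLib":
            # Bare ProgID keys such as gregn.GRDisplayViewer.6 and their CLSID sub-key.
            s["progids"].add(head)
    return s


def assess(s):
    """Return (verdict, reasons): 'consistent ...' only when nothing deviates from one typelib registration."""
    reasons = []
    n_libs = len(s["typelib_members"])
    if n_libs == 1:
        reasons.append("every TypeLib value points at one type library")
    elif n_libs > 1:
        reasons.append("%d distinct type libraries referenced" % n_libs)
    if s["custom_proxystub"]:
        reasons.append("custom proxy/stub CLSIDs: " + ", ".join(sorted(s["custom_proxystub"].values())))
    if s["outside_classes"]:
        reasons.append("writes outside Software\\Classes: " + "; ".join(s["outside_classes"]))
    clean = n_libs == 1 and not s["custom_proxystub"] and not s["outside_classes"]
    verdict = "consistent with a single COM type-library registration" if clean else "needs manual review"
    return verdict, reasons


if __name__ == "__main__":
    summary = summarize(SAMPLE_ROWS)
    verdict, reasons = assess(summary)
    print(verdict)
    for r in reasons:
        print(" -", r)
    print("ProgIDs:", sorted(summary["progids"]))
```

Run it over the full table and the check that matters is the verdict's three conditions; the registration itself says nothing about what the registered DLL does, so the Loads dropped DLL and Writes to the Master Boot Record signatures still need to be chased separately.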
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_ca7d2228b66f5c487ca56e57bd98f714_hacktools_icedid.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Program Files\JiaRong\JiaRjishu.jrs
| MD5 | 259c1da17b442ac2f27ea1ff4625e7d3 |
| SHA1 | 54437d7ce0fc459ed603dc8709254c6971cd34e0 |
| SHA256 | 6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a |
| SHA512 | 75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796 |
memory/4516-6-0x0000000010000000-0x0000000010917000-memory.dmp
memory/4516-12-0x0000000010000000-0x0000000010917000-memory.dmp
memory/4516-13-0x0000000010000000-0x0000000010917000-memory.dmp