Malware Analysis Report

2025-08-05 16:06

Sample ID 240608-k1f6maaf3y
Target 2024-06-08_10330c24ca4bf496a588f378d39df984_icedid
SHA256 5b403d77d0b7c4e1354325a34e8d5c48635ee82f98889a13c254517cd2f4649a
Tags
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 5b403d77d0b7c4e1354325a34e8d5c48635ee82f98889a13c254517cd2f4649a

Threat Level: Shows suspicious behavior

The file 2024-06-08_10330c24ca4bf496a588f378d39df984_icedid was found to show suspicious behavior.

Malicious Activity Summary

Loads dropped DLL

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-08 09:03

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-08 09:03

Reported: 2024-06-08 09:06

Platform: win7-20240221-en

Max time kernel: 146s

Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe"

Signatures

Loads dropped DLL

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe
Target: N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description: Key created
Indicator: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe
Target: N/A

Description: Set value (data)
Indicator: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter = 411f00005308adba01000000320000000100000001000000dc0000005ae832d8a337d001010000000a0061006c0069007000610079002e0063006f006d00
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe"

Network


Files

\Users\Admin\AppData\Local\Temp\UUWiseHelper.dll

MD5: afd14de763f7c540e686afdc55281039
SHA1: 0318a2650104e5eb7b6ca7c02d1e54f276a4f14c
SHA256: 09a3bf6a8df99c692ba656779c94932a08b61c21350a4bba4bf19afb40076c6c
SHA512: 4ad521f270ea54359c91084f76c9287bea9e93533681d766aa7f7dce60f1f731244c27020af141f8a8329ad6c9ec6b080a1cc7665a14b8cdc3bdbb632905a321

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-08 09:03

Reported: 2024-06-08 09:06

Platform: win10v2004-20240508-en

Max time kernel: 149s

Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe"

Signatures

Loads dropped DLL

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe
Target: N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description: Key created
Indicator: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe
Target: N/A

Description: Set value (data)
Indicator: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter = 411f00005308adba01000000320000000100000001000000dc0000005ae832d8a337d001010000000a0061006c0069007000610079002e0063006f006d00
Process: C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-08_10330c24ca4bf496a588f378d39df984_icedid.exe"

Network


Files

C:\Users\Admin\AppData\Local\Temp\UUWiseHelper.dll

MD5: afd14de763f7c540e686afdc55281039
SHA1: 0318a2650104e5eb7b6ca7c02d1e54f276a4f14c
SHA256: 09a3bf6a8df99c692ba656779c94932a08b61c21350a4bba4bf19afb40076c6c
SHA512: 4ad521f270ea54359c91084f76c9287bea9e93533681d766aa7f7dce60f1f731244c27020af141f8a8329ad6c9ec6b080a1cc7665a14b8cdc3bdbb632905a321