Malware Analysis Report

2025-04-14 03:49

Sample ID 240612-xcw86avhqd
Target 2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid
SHA256 dc237dea492d55204bc76155af340a73563c36a7c6d339dbb7402b605aa5c8de
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

dc237dea492d55204bc76155af340a73563c36a7c6d339dbb7402b605aa5c8de

Threat Level: Shows suspicious behavior

The file 2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid was found to show suspicious behavior (score 7/10): it is an unsigned PE that drops a second executable into the Program Files directory and then executes it.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:43

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:43

Reported

2024-06-12 18:45

Platform

win7-20240419-en

Max time kernel

118s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Reference\several.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Reference\several.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe | N/A
File opened for modification | C:\Program Files\Reference\several.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe"

C:\Program Files\Reference\several.exe

"C:\Program Files\Reference\several.exe" "33201"

Network

N/A

Files

C:\Program Files\Reference\several.exe

MD5 45a664ce6614a8152a693a25a2e5cbc5
SHA1 d6bc3d6bf232991ce22d51981489e23170de0329
SHA256 653287dcd323c9ec9e1a55e8637fd7ab026f16e592a1d801d1530734420fcf32
SHA512 84e40fb13830c7023fcd2bbdb4480816e664b97b3537b93a096c529a1286b8178f1d4a747a34ada396bd8c12bee368a01b3b60325d6fb8ce771abde5715ad3b6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:43

Reported

2024-06-12 18:45

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

58s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\several\structures.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\several\structures.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe | N/A
File opened for modification | C:\Program Files\several\structures.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe"

C:\Program Files\several\structures.exe

"C:\Program Files\several\structures.exe" "33201"
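Both detonations show the same chain: the sample, running from the user's Temp directory, writes a new executable under C:\Program Files\ and then launches it with a single numeric argument. The following Python is an added illustration, not part of the sandbox report, of how that chain can be caught by correlating Sysmon-style FileCreate (Event ID 11) and ProcessCreate (Event ID 1) events. The events, process IDs and the benign msiexec.exe write are constructed to mirror the behavioral1 and behavioral2 process trees; they are not exported sandbox telemetry.

```python
"""Detect "drop into Program Files from %TEMP%, then execute" chains.

Added example modelled on this report's process trees. The EVENTS list is
constructed test data, not sandbox output; field names follow Sysmon.
"""
import re
from typing import Dict, List, Tuple

# Path of the dropper as recorded in both detonations.
DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\2024-06-12_1461afbb436e1b7d7682a61d45f6e6f5_icedid.exe")

# Constructed Sysmon-style events (PIDs are invented for the illustration).
EVENTS: List[Dict] = [
    {"EventID": 1, "ProcessId": 1804, "ParentProcessId": 1200,
     "Image": DROPPER, "CommandLine": f'"{DROPPER}"'},
    {"EventID": 11, "ProcessId": 1804, "Image": DROPPER,
     "TargetFilename": r"C:\Program Files\Reference\several.exe"},
    {"EventID": 1, "ProcessId": 1932, "ParentProcessId": 1804,
     "Image": r"C:\Program Files\Reference\several.exe",
     "CommandLine": r'"C:\Program Files\Reference\several.exe" "33201"'},
    # Benign noise: an installer writes an EXE to Program Files but nothing
    # from %TEMP% is involved and the file is never launched.
    {"EventID": 11, "ProcessId": 2200,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\Vendor\tool.exe"},
]

_USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\",
                        re.IGNORECASE)
_PF_EXE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\.+\.exe$",
                     re.IGNORECASE)


def is_user_temp(path: str) -> bool:
    """True if the image lives under a user's AppData\\Local\\Temp."""
    return bool(_USER_TEMP.match(path))


def is_program_files_exe(path: str) -> bool:
    """True if the path is an .exe under Program Files or Program Files (x86)."""
    return bool(_PF_EXE.match(path))


def _norm(path: str) -> str:
    # NTFS paths are case-insensitive; normalise before comparing.
    return path.lower()


def detect(events: List[Dict]) -> List[Dict]:
    """Return one finding per dropped-and-executed Program Files binary.

    Pass 1 remembers EXEs written into Program Files by a %TEMP% process.
    Pass 2 flags a ProcessCreate whose image is one of those files and whose
    parent PID is the writer. Events are processed in order, so the execute
    must follow the write. PID reuse is a known blind spot of this simple
    correlation; production rules should also key on process GUIDs.
    """
    staged: Dict[str, Tuple[str, int]] = {}
    findings: List[Dict] = []
    for ev in events:
        if ev["EventID"] == 11:
            if is_user_temp(ev["Image"]) and is_program_files_exe(ev["TargetFilename"]):
                staged[_norm(ev["TargetFilename"])] = (ev["Image"], ev["ProcessId"])
        elif ev["EventID"] == 1:
            hit = staged.get(_norm(ev["Image"]))
            if hit and hit[1] == ev.get("ParentProcessId"):
                findings.append({
                    "dropper": hit[0],
                    "dropper_pid": hit[1],
                    "dropped": ev["Image"],
                    "dropped_pid": ev["ProcessId"],
                    "dropped_cmdline": ev["CommandLine"],
                })
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f['dropper']} (pid {f['dropper_pid']}) dropped and ran "
              f"{f['dropped']} (pid {f['dropped_pid']}): {f['dropped_cmdline']}")
```

The parent-PID check is what separates this chain from an ordinary installer writing into Program Files: the msiexec.exe event in the constructed data is ignored because the writer is not in %TEMP% and the file is never launched. Run against the win10 tree the same logic fires on C:\Program Files\several\structures.exe.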

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

The only recorded traffic is a reverse-DNS (PTR) query for 8.8.8.8 sent to 8.8.8.8:53; no other connections were observed within the 58s network window. A PTR lookup of the configured resolver is typically generated by the guest OS itself, so it should not be treated as a sample indicator on its own.

Files

C:\Program Files\several\structures.exe

MD5 2430bd4cfe45b9f8080dba12e8579ef6
SHA1 1c4d90f5f8e3bff9c996ceb77837aa9185a310b9
SHA256 18d47d5359d814497a0a8e6bb3c2aacefdbee7e435c2f8e4f4bc48af6f410af3
SHA512 93b5152199b42eab51fde199a2b2e9cf180e8be8452aba504b77f84b8360004fb9b1a7eb85774340e188ca2af32bac685a2e7f9081efd11055848d4cf1d68af9