Malware Analysis Report

2025-04-14 03:45

Sample ID 240612-xgbg9azbpn
Target 2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid
SHA256 a552cabeed8a539e38ed4636f3d3407052775387740b688866aaf93722ae92ce
Tags
score
7/10

Analysis Overview

score
7/10

SHA256

a552cabeed8a539e38ed4636f3d3407052775387740b688866aaf93722ae92ce

Threat Level: Shows suspicious behavior

The file 2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid was found to show suspicious behavior.

Malicious Activity Summary

Loads dropped DLL

Executes dropped EXE

Drops file in Program Files directory

Program crash

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:49

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:49

Reported

2024-06-12 18:51

Platform

win10v2004-20240226-en

Max time kernel

113s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe | N/A
File created | C:\Program Files\.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe"

C:\Program Files\.exe

"C:\Program Files\\.exe" "33201"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1836 -ip 1836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 1040

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1836 -ip 1836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 1096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp
GB | 216.58.201.106:443 | N/A | tcp
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 211.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp

Files

C:\Program Files\.exe

MD5 ec82406f2077c60bcca58efefc1a336a
SHA1 6e49133c90ed761accddab3ffdbeeb2dbe3f1634
SHA256 b4e669a3a13c1205684abd57f5aa3458fbcaaf3f7d1171aee05dbc22e4fefc1b
SHA512 d711aca10a15f49e5478876d71c12875657e065d9393834be46d5283992efafe891308b79f1dc42ac3d312d5822f4e8900fcf0bc9892f8e548b5190f9d5da341

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:49

Reported

2024-06-12 18:51

Platform

win7-20240611-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe | N/A
File created | C:\Program Files\.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_605cdbfeb2359c2fd6672af990a122a0_icedid.exe"

C:\Program Files\.exe

"C:\Program Files\\.exe" "33201"

Network

N/A

Files

\Program Files\.exe

MD5 a7d09bad209362ac87a785893c12e8ef
SHA1 9328e36954361339cbbe190cb23560497c011040
SHA256 1a261473780c8d4e6fdb93439b0fef58e6d220a2daab87812bd01c211172ec39
SHA512 124f52f67f733c66fe64cca24b178bd54da6f55e42fa199e040203caa428a0acd5b67820d2f3488dc802b595b2a16db6667e60e21ff79137a27de97a8e14baa1