9911d1d1824d7b20fe35b78ea662f83589db2d16a2b51d201f77f69ce565ab15

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe
Size

11.6MB
MD5

d4aa01ea3735b5ae3eb925670b7a216e
SHA1

26a3c56de769374563e04b9b6667c2438658772f
SHA256

9911d1d1824d7b20fe35b78ea662f83589db2d16a2b51d201f77f69ce565ab15
SHA512

739b84923f82247b073234e29615c377d59049030b48d954689241577a9950fefc1fd6db1dcb1df71f103318f0868839c0a3b36ee32ec5d0b3ff185c7a3a9bc7
SSDEEP

196608:ESlTdfPZBzPPfmutodvfp+wcaLmNNWoGloH5oGlb:EkTZPZ5PPHof3caLhoGEoGl

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2428	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\»ª¿µ·½Ô²Ìå.ttc	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe
File opened for modification	C:\Windows\Fonts\»ª¿µ·½Ô²Ìå.ttc	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2428	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2428	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe
2428	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe
2428	2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-30_d4aa01ea3735b5ae3eb925670b7a216e_icedid.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Fonts\»ª¿µ·½Ô²Ìå.ttc

Filesize
3.0MB

MD5
9e2bb6b2bb10afa680bc89aa659f4eef

SHA1
8c8da05d183476c3c5dafd7e1b54aa6262402d48

SHA256
523512e0ab8cdad203aa9adb6da88283eb151abae96258a760b222acc62bbccb

SHA512
361e059ccec0785f6a6a444e7f1ba804cad1959af7cf8b6372d5d1ca174471c1b2fd52787f17509336e3286a970ab2954028dfbfb5bb45a7e33cf3f83a3cd51b

Download Submit
\Users\Admin\AppData\Local\Temp\plugins\HPSocket4C.dll

Filesize
1.7MB

MD5
707aa56cf742eb934185edf0a69d7289

SHA1
dab68976c4bd2d420c8adcd268fc1ffdd5e277e0

SHA256
3582d7ad93c54c2efddac6df4cf7d9e4b2ef1d8895dc9d12a781faf3cfb8bf12

SHA512
8be50ffedd0a250b4519069cec5781a9d0182fe47dce79c1991fc775a9580550c4b512de37e3423dc5d22013dce4cdcb1f178becbf5ef8ccb610c7ccd6d0f54d

Download Submit
memory/2428-0-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2428-1-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2428-2-0x000000000040A000-0x000000000040B000-memory.dmp

Filesize
4KB

Download
memory/2428-7-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-17-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-18-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-19-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-21-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-22-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-23-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-24-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-25-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-26-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-27-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-28-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-29-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-30-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-31-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-39-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-40-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-41-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-42-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-43-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-44-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-45-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-46-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-47-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-48-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-49-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-50-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-51-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-52-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-53-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-54-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-55-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-56-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-57-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-58-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-59-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-60-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-61-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-62-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-63-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-64-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-65-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-66-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-67-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-68-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-69-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download
memory/2428-72-0x0000000000400000-0x0000000000FF1000-memory.dmp

Filesize
11.9MB

Download