Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
26-08-2024 00:49
General
-
Target
2024-08-26_2d499ba7fb093d29f703917052cbdba2_hacktools_icedid.exe
-
Size
2.5MB
-
MD5
2d499ba7fb093d29f703917052cbdba2
-
SHA1
596f6b7c98356839210fb4ddf9deb55d1d71d65e
-
SHA256
6795f3912d47769ffb39d713ef62ae77b39521197d738b59145a1e245e0c6cf8
-
SHA512
ea6091bc0a96cb7e6537793f7a0b588b853ba4a1c2e0c86f9b560b8a571c07a19051fbb74b5e050b1766c2a3ecaa0bc865bf4944aa12b63b88d17a2f8ebb3c81
-
SSDEEP
49152:XmvdgqxpQzgXQ3TooLeYN/yKiZ3pWBST1W5KiZ/:IZpQzgXgkoLpN/yKO8OW5KO/
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 9 IoCs
-
Drops file in System32 directory 4 IoCs
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-08-26_2d499ba7fb093d29f703917052cbdba2_hacktools_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-08-26_2d499ba7fb093d29f703917052cbdba2_hacktools_icedid.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DZRJ.VTO"C:\Users\Admin\AppData\Local\Temp\DZRJ.VTO"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh winsock reset3⤵
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
MD5c3adbb35a05b44bc877a895d273aa270
SHA18afe20d8261d217fd23ccfe53bd45ad3bec82d2d
SHA256b2b2ea9737587313d420bde96a42063c002a83e35d9f987f8ec0d5d4d96c262c
SHA512614dc24e3368047d68e2833ecdf9cda1f5ef290fc74287769a70df46bfa937386ce2e1332b3bada0f7e54b470ecdfe7c8bbd4ec3fa1c815f52993bb7edb93afc
-
Filesize
2.5MB
MD5d59cb1fa3cd5ab4c82782d7d468fd13e
SHA1e2ed0bda7c346bb24d2ba2bfaec895a7a1815cc8
SHA256b84ade02b01ac1bfcd1a9d28d2be953786548fb3ddf7416df22cf8430b51b7ff
SHA512bb81d993eb3bfdea2a7bc27d4be115370bcd36ccb05a1f53ceba735d85a45914fa83f15655ed301ff5461b285dd87db5c233d4cdb6ad0ec2b9db1e64b514e9e3
-
Filesize
52KB
MD5b60da4e2e5aceba3ce3d87ee2cd872ee
SHA19bbdbf1f3ce2c000a86e0473da756a4b1031db41
SHA256b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453
SHA512664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874
-
Filesize
56KB