Overview

overview

7

Static

static

3

2024-08-29...id.exe

windows7-x64

7

2024-08-29...id.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    14s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 13:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-29_d3f8759905644ce25ca2a96f6976daa6_icedid.exe

  • Size

    4.2MB

  • MD5

    d3f8759905644ce25ca2a96f6976daa6

  • SHA1

    73e0f34498a9913b79b35d23f111c67c7f47a71e

  • SHA256

    58a967e76d0cc6b92a972907f0a3356e0ef53d7bde3465e5850ee3c5547519c1

  • SHA512

    94bc88de5ff3ab367d9d0d9aa3a0837535ba746b69199372edef2cd798e316c186e42a925531e37dff8a570316aa316a1b7cb72803b7994d8bb50ea4e12a7e7f

  • SSDEEP

    98304:DgFiw73ha3pCDsgG0QjPclQuBVop0ZbbrVPiotn:G7ggDu0mElQEip4hPiotn

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 46 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-29_d3f8759905644ce25ca2a96f6976daa6_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-29_d3f8759905644ce25ca2a96f6976daa6_icedid.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 "C:\Users\Admin\AppData\Local\Temp\blpj.dll" /s
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2720

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\blpj.dll
          Filesize

          3.3MB

          MD5

          67415da0dfb59fbdf92f4d289304afee

          SHA1

          6c3fc19d3c82e524cd0084363c40a677b00ff5ac

          SHA256

          f33368f0064861ccfae2c92fbbe0732c9b67e17e0cc66c02ac5c5baeca9a000c

          SHA512

          4a659801bb31b59263ed4371b9b07f7292a5310953f50df9518823bbae6526a78f406a57a4172d8cde2a122dc693531505c0870fde160e2ebe3a1eaf2e8f6e3a

          Download Submit

        • memory/2240-1-0x0000000000400000-0x0000000000843000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2240-0-0x0000000000462000-0x0000000000463000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2240-2-0x0000000000400000-0x0000000000843000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2240-18-0x0000000074230000-0x000000007458E000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/2240-19-0x0000000074230000-0x000000007458E000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/2240-20-0x0000000000400000-0x0000000000843000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2240-21-0x0000000074230000-0x000000007458E000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/2720-15-0x0000000073E20000-0x000000007417E000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/2720-16-0x0000000073E20000-0x000000007417E000-memory.dmp

          Filesize

          3.4MB

          Download