Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/09/2024, 11:23

General

  • Target

    2024-09-04_21d5f50301c5a82ccf7b836343e1e024_icedid.exe

  • Size

    14.5MB

  • MD5

    21d5f50301c5a82ccf7b836343e1e024

  • SHA1

    2fa425ae0af81a2c8f2fb8ecbcb0ca1e4ac862ff

  • SHA256

    c5190c2be8011599f79247c7e131635928ee31b88ff8544d3209742d045f77c7

  • SHA512

    432f3d4be2b9969a6189f2e8d2f65620a4bb03f04bfb43ce0de6561a77e98f2447738491d295698c7f1082ce74604dd82ab9844a34ba18e9133e4e6ee4fc3044

  • SSDEEP

    98304:hXASmB3lGkt0nMbr+tmOP1qJYgw2Ign6MWs6uiprVUrj45nX9sRVVzArOSqeDalG:in0ekPGys6jVp5qtc9BDal

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-04_21d5f50301c5a82ccf7b836343e1e024_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-04_21d5f50301c5a82ccf7b836343e1e024_icedid.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll

    Filesize

    8.4MB

    MD5

    8b6c94bbdbfb213e94a5dcb4fac28ce3

    SHA1

    b56102ca4f03556f387f8b30e2b404efabe0cb65

    SHA256

    982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

    SHA512

    9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

  • \Users\Admin\AppData\Local\Temp\HPSocket4C.dll

    Filesize

    1.7MB

    MD5

    497f270fecfb92e087553728c7ff860c

    SHA1

    ee1c5dc9802a27f7c20cc4b6bb89f68b7071f09a

    SHA256

    285293000a6c91267a59f244505b2d6cec2cde1e76ad44defacc1c974eea20ee

    SHA512

    2ffb39a382b025a2e231a0d0b5259a632af5ab2a08ceed78361cf45002c86e328336efbdc975cbc8dcba11795298e8a8e160fb5520346efd3c838b180ebef99b

  • memory/1832-18-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB
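
The "Loads dropped DLL" signature in the report means the sample wrote E2EECore.2.7.2.dll and HPSocket4C.dll to %TEMP% and then loaded them from there. The following detector, an added example that is not part of the sandbox report or its tooling, replays that pattern over a constructed event trace: it flags any DLL load whose target was created earlier in the same trace, and separately flags loads whose SHA256 matches one of the Downloads entries above. The `Event` schema, field names and the trace itself are assumptions made for the example; only the two SHA256 values and the paths come from the report.

```python
from dataclasses import dataclass

# SHA256 values copied from the Downloads section above: the two DLLs the sample wrote to %TEMP%.
REPORT_SHA256 = {
    "982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53": "E2EECore.2.7.2.dll",
    "285293000a6c91267a59f244505b2d6cec2cde1e76ad44defacc1c974eea20ee": "HPSocket4C.dll",
}


@dataclass
class Event:
    """One sensor record. Field names are assumptions for this example, not any vendor's schema."""
    kind: str          # "file_create" or "image_load"
    pid: int
    path: str
    sha256: str = ""   # hash of the loaded module, present on image_load events


def detect_dropped_dll_loads(events):
    """Return (pid, path, reason) for every DLL load that either
    (a) targets a file some process in the same trace created earlier, or
    (b) carries a SHA256 listed in the report's Downloads section."""
    created_by = {}   # lower-cased path -> pid that first wrote it
    hits = []
    for ev in events:
        key = ev.path.lower()
        if ev.kind == "file_create":
            created_by.setdefault(key, ev.pid)
        elif ev.kind == "image_load" and key.endswith(".dll"):
            reasons = []
            if key in created_by:
                reasons.append(f"dropped earlier by PID {created_by[key]}")
            digest = ev.sha256.lower()
            if digest in REPORT_SHA256:
                reasons.append(f"SHA256 matches report IoC {REPORT_SHA256[digest]}")
            if reasons:
                hits.append((ev.pid, ev.path, "; ".join(reasons)))
    return hits


TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed trace modelled on the process tree above (PID 1832); this is not sensor output from the sandbox.
SAMPLE_EVENTS = [
    Event("image_load", 1832, r"C:\Windows\System32\kernel32.dll", "0" * 64),
    Event("file_create", 1832, TEMP + r"\E2EECore.2.7.2.dll"),
    Event("file_create", 1832, TEMP + r"\HPSocket4C.dll"),
    Event("image_load", 1832, TEMP + r"\E2EECore.2.7.2.dll",
          "982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53"),
    Event("image_load", 1832, TEMP + r"\HPSocket4C.dll",
          "285293000a6c91267a59f244505b2d6cec2cde1e76ad44defacc1c974eea20ee"),
    # A DLL in %TEMP% that was already present and whose hash is unknown: no hit.
    Event("image_load", 1832, TEMP + r"\Unrelated.dll", "1" * 64),
]

if __name__ == "__main__":
    for pid, path, reason in detect_dropped_dll_loads(SAMPLE_EVENTS):
        print(f"PID {pid} loaded {path}: {reason}")
```

The drop-then-load rule does not depend on the hash list, so it still fires when the DLLs are rebuilt and the hashes change; the hash match is the quick win for hunting this exact sample. A load from %TEMP% of a file the trace never saw created (the Unrelated.dll line) is deliberately not flagged on its own, since that would also match many legitimate installers.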