8a9ff4212e3e005005018d691c17d37643cf4301db2b60357d2bcb2739b8cc0c

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 02:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe
Size

5.1MB
MD5

6a19b69c33563c4012d16b7faa6025ff
SHA1

a180d2199cd63d67d5214120ad9c1105620f79f0
SHA256

8a9ff4212e3e005005018d691c17d37643cf4301db2b60357d2bcb2739b8cc0c
SHA512

1681ef33941ed987a33490cb9b91f7a36cfa43ff5c8f426a3dc9d3e311ccb8ef9b9664cd013eb0707dcc120eb9f6ef376477de6c768b5dbd7b8f4a1d5f74f075
SSDEEP

49152:AYiIZT+SYa4bPLQ/n0XgCj59OEOAawmJEsT1BKbSDjHgAck7tUfQj:XiSTBYa4bPMu59OEOFD3Kb2ML3+

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1932	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe
1932	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe
1932	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe
1932	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1932	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe
1932	2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-13_6a19b69c33563c4012d16b7faa6025ff_icedid.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1726193880\BaseBoardApp.dll

Filesize
63KB

MD5
3fe75d99565488ed78ae1d18d8f57366

SHA1
125184373ab255fa865880b47b5e7d4e78128607

SHA256
95d15d0f7430f6163e42ecac318bbc94c41bdbd6aeb885e8035130eefaab1d49

SHA512
4fa722e82b6bc4ac63823ed15da42540f521c93b9675d21ee726f47d10434f025c3f30ea2fdf7ebc628f63b406814bf6b0b7f7a24ce68b724936cbd19b1c5903

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726193880\ISMBoard_Dll.dll

Filesize
329KB

MD5
0a5f2550d8ae995f77613271f5a7e415

SHA1
71cd5b219746ab42c28a49ef6af7858945390735

SHA256
526cfaf10931b6cf811f2ddd6534af31a2ad2464a058325ac15cbf457db13f08

SHA512
31d94d94ecba3b17127958c2976a9ff641c3a4002697535dfeb887a26ba6a800ccdc3f06b1d33b5594b839ff2d2553d6401b0efb69d6dcace373d61feabc4805

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726193880\O4Flow2Board.dll

Filesize
72KB

MD5
5b862322bccd795da10d7f25bfff5bc4

SHA1
87dfd0dcf4faa8a5457f3e628e97ddad86d2924b

SHA256
d4c873da1bc4abb83f0d7dc2b0eb39a8794f0458ab2597dd5974978fd2b8a930

SHA512
387e06fd42a72ac8b44fb5eb568f97fd59ff78dbe7ce44903a25a938fb31735a0bd6875467fbb69b7c080e0bee43b4048cf348616aab8a38713f2aa40aa4cdac

Download Submit
C:\Users\Admin\AppData\Local\Temp\1726193880\RelayBoardApp.dll

Filesize
33KB

MD5
8cc8ad1d73c7af22c9f0c07394663ee9

SHA1
7602bc0cbef76363ccc92239b1403f5e142ab203

SHA256
55107d24a55c4b4b19ca709b5882cc37bfaa51e814c6fe7eef130cc67d21cbdc

SHA512
87e941a7d67d39ef264b3505a479858521db3ade9c7799786a21fb38ca999b7136b86f86d36203993a3fd568755d130e30ff84787def9e0d8441a2fed6b4e579

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin

Filesize
2KB

MD5
df5883e4b0e775a9cadb36e297b21691

SHA1
24c281b76908b8b0ac0accb0adfe50a08d17aa66

SHA256
5200f3b85d9fb27ac6afcc233bca9d45169193ac681a6f6ae192167d2769b2fd

SHA512
863ec02f176779cbf35e65364eb8e639dbb557681e424e450e91fb458a5176fceb646f71945cb6ec5dfb31820bf46a73278b84586743b2c9b56868f1ada7ca3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

Filesize
40KB

MD5
8fa6c00cb4e0994583884a07d33804f0

SHA1
1011a2f69bed876ae4b9b293be76cb6326df9f36

SHA256
c3911ce475297e422919eb0475072cc4dd67ed7502e095218372b25478daa7ec

SHA512
fd8f09e6bc9848296bca39191b86856eaf9f4946d34e560938c1967d256c4ae0a37d4bc352c6b6e308d00d65b251d35278076165784becd0bb025aa27ccd888d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin

Filesize
2KB

MD5
51c491702d77ddd95f74469c3b7b992a

SHA1
d2780ef2dd343dc15894b4334d359d48ef82f260

SHA256
9d984690b039e862454a54de1b1acf08c74cfa9beea9e5d18f1f21747af7874a

SHA512
b83625e8f4d7e5348c69cb269054c096ba5423d6f9fa6ea8b3f5587a9b8829a47238108c1b53fe913c4529ba897ac5fe7b4e140dc6f8e37d3e843a617b0a3547

Download Submit
C:\Users\Admin\AppData\Local\Temp\O4FLOW2_EEPROM_Simulator.bin

Filesize
2KB

MD5
cfce87e7770bd1cf65879804ff0ea6d3

SHA1
e9f709f1fcbda5477d50ee2839d973db7e7b0a12

SHA256
94e87b74f92af3fc6fbe5ce86bcf7bee50cc76c43bd299bee192d6932c4f7083

SHA512
3475af46290d6dc33b8da5d67f040497da30d59eb24090ac39d9d2dce500f39a68fa790e96550d5c8b6c7b9a0d9d1f3fd09b1002609119dcd4f11770a856e9fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin

Filesize
2KB

MD5
b97680f3dbae582562b7dd7dc2fc076d

SHA1
ce06aa2a20791e9fa640fe974539eb18b09c9efe

SHA256
637078aa98ac559352f6020c8cf20d5cde3afb4e231e1f819fb562570b4ce7db

SHA512
b4619173385f57f0fc6c1746416b54d68f42ed681638b5e1e8ca3d758afccadf95ef483e2557ab7b89ffeb7c4736190dfb5b1110fc251b1bcbe4e1f6eedcf5bc

Download Submit