Analysis

  • max time kernel
    94s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-09-2024 05:21

General

  • Target

    2024-09-28_c40657dbaa768159311c900040e87331_hacktools_icedid.exe

  • Size

    8.5MB

  • MD5

    c40657dbaa768159311c900040e87331

  • SHA1

    28cc975a0f0e60cc150335aacf8de42bdccc6c10

  • SHA256

    282661148dc431420779b56160af125bcc0f239fc4038e625134874a9b97cc38

  • SHA512

    c0f0f24e060fb7579d7824d8e1501669d2d029c3386add4ae22c155ff22ec617ba7905708f84e677fc8e017ed4749395987037d8f5963eacb92777da49e12400

  • SSDEEP

    98304:KmIeZ0xhRbMCNd+Fe5r9WNc7weFh3TMVBhQzh+hG1c7pyZCUpwhuJBAUZLl:pIeZOzNQSr9WQqhah+hGsyrpwhuJVZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-28_c40657dbaa768159311c900040e87331_hacktools_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-28_c40657dbaa768159311c900040e87331_hacktools_icedid.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5048
    • C:\Users\Admin\AppData\Local\Temp\»ðÈÞ°²È«Èí¼þÍÐÅ̳ÌÐò.exe
      C:\Users\Admin\AppData\Local\Temp\\»ðÈÞ°²È«Èí¼þÍÐÅ̳ÌÐò.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\»ðÈÞ°²È«Èí¼þÍÐÅ̳ÌÐò.exe

    (The name is a GBK byte string that was most likely written through an ANSI file API on this en-US, code page 1252 host, so it is stored on disk exactly as shown above. Decoded as GBK it reads 火绒安全软件托盘程序.exe, "Huorong Security Software tray program", i.e. the dropped binary names itself after a component of the Huorong antivirus suite.)

    Filesize

    900KB

    MD5

    75ec8484d197ebb85bc4751fc469d807

    SHA1

    8dd233dd3b476cdea5cc71d25dee77e86be4a682

    SHA256

    3854dccf4b6d29be3f9ac9b76d584b39335ee8fd109ed21ae69e85be36d0d76f

    SHA512

    a9190d3ad252a965aee60b855c421413a7c2d31f95640715364f827ba8eac285720580075ba9fe838407159dc197f4df6ba77007f8d63e8e204c1f3ad57e21c3

  • memory/4692-8-0x0000000000400000-0x000000000053A000-memory.dmp

    Filesize

    1.2MB

  • memory/4692-9-0x00000000761D0000-0x00000000763E5000-memory.dmp

    Filesize

    2.1MB

  • memory/4692-3277-0x0000000000400000-0x000000000053A000-memory.dmp

    Filesize

    1.2MB

  • memory/5048-0-0x0000000002C70000-0x0000000002C71000-memory.dmp

    Filesize

    4KB

  • memory/5048-1-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

    Filesize

    4KB

  • memory/5048-3-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

    Filesize

    4KB

  • memory/5048-2-0x0000000002D90000-0x0000000002D91000-memory.dmp

    Filesize

    4KB
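The memory-dump entries above follow the pattern memory/<pid>-<index>-<start>-<end>-memory.dmp, and the Filesize printed next to each one is just the size of that address range. The following Python helper is an added example, not part of the sandbox report or of any tool it describes: it parses that naming scheme, recomputes each region size, checks it against the printed Filesize, tags regions with a simple address-based heuristic (the heuristic and the REPORT_DUMPS/REPORT_IOCS tables are this example's own, built from the entries on this page), and hashes a local file so it can be matched against the report's MD5 values.

```python
import hashlib
import re

# Naming scheme of the memory-dump entries in the report:
#   memory/<pid>-<index>-<start>-<end>-memory.dmp   (addresses are hex)
MEMDUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Entries copied from the report, paired with the Filesize the report printed.
REPORT_DUMPS = [
    ("memory/4692-8-0x0000000000400000-0x000000000053A000-memory.dmp", "1.2MB"),
    ("memory/4692-9-0x00000000761D0000-0x00000000763E5000-memory.dmp", "2.1MB"),
    ("memory/4692-3277-0x0000000000400000-0x000000000053A000-memory.dmp", "1.2MB"),
    ("memory/5048-0-0x0000000002C70000-0x0000000002C71000-memory.dmp", "4KB"),
    ("memory/5048-1-0x0000000002DC0000-0x0000000002DC1000-memory.dmp", "4KB"),
    ("memory/5048-3-0x0000000002DB0000-0x0000000002DB1000-memory.dmp", "4KB"),
    ("memory/5048-2-0x0000000002D90000-0x0000000002D91000-memory.dmp", "4KB"),
]

# MD5 -> label, taken from the General and Downloads sections of the report.
REPORT_IOCS = {
    "c40657dbaa768159311c900040e87331": "submitted dropper (8.5MB)",
    "75ec8484d197ebb85bc4751fc469d807": "dropped tray-program executable (900KB)",
}


def parse_memdump_name(name):
    """Return (pid, index, start, end, size_in_bytes), or None if the name does not match."""
    m = MEMDUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"region end is not after its start: {name}")
    return int(m["pid"]), int(m["idx"]), start, end, end - start


def human_size(n):
    """Format a byte count the way the report does: whole KB, one-decimal MB."""
    if n >= 1024 * 1024:
        return f"{n / (1024 * 1024):.1f}MB"
    if n >= 1024:
        return f"{n // 1024}KB"
    return f"{n}B"


def classify_region(start, size):
    """Heuristic tag based only on address and size (an assumption of this example)."""
    if start == 0x400000:
        # Default image base of a 32-bit PE; being here means the image was not relocated.
        return "image at default 32-bit PE base"
    if start >= 0x70000000 and size > 0x100000:
        return "large high mapping, typically a system DLL in a 32-bit process"
    if size == 0x1000:
        return "single page, typically a small data allocation"
    return "other"


def check_report(entries=REPORT_DUMPS):
    """Recompute every region size and compare it with the Filesize the report printed."""
    results = []
    for name, printed in entries:
        pid, idx, start, end, size = parse_memdump_name(name)
        shown = human_size(size)
        results.append({
            "name": name, "pid": pid, "size": size, "computed": shown,
            "matches_report": shown == printed, "tag": classify_region(start, size),
        })
    return results


def hash_bytes(data):
    """Digest a byte string with the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_ioc(data):
    """Return the report label for a file's bytes if its MD5 is one of the report's IoCs."""
    return REPORT_IOCS.get(hash_bytes(data)["md5"])


if __name__ == "__main__":
    for r in check_report():
        print(f"{r['name']}: {r['size']} bytes = {r['computed']} "
              f"({'ok' if r['matches_report'] else 'MISMATCH'}) - {r['tag']}")
    # Hash any local file and see whether it is one of the report's samples.
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, match_ioc(fh.read()) or "no match")
```

Run it without arguments to verify the report's own Filesize column (every row should print ok), or pass file paths to hash them against the two MD5 values above. The 0x400000 tag is the useful one for triage: the dropped process 4692 has its image at the default 32-bit base, which agrees with the arch:x86 resource tag and tells you the dumped image was not relocated.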