Overview

overview

7

Static

static

3

2024-09-29...id.exe

windows7-x64

7

2024-09-29...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    95s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/09/2024, 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-29_6e24cfb074482688a2eb6e203e5faa98_icedid.exe

  • Size

    7.5MB

  • MD5

    6e24cfb074482688a2eb6e203e5faa98

  • SHA1

    a7d0254be4ed4bda1ec9843d3ebb36c485248566

  • SHA256

    1f9ceb899968ccf76bf853ed25c69ff758a1cb24630a60c34dcb06596796baeb

  • SHA512

    3e4f4c681ec3ee3fc69944afa60c77c4766f6bf8a168bd8153e521a7a44b1f2b737dfac7b47c5cb50993d15b44417afa5a65d5fc8869d24ef205f9cdb1e3ff7d

  • SSDEEP

    196608:HmY+ypo9zYMXsJagR+NxtmOLYEmSwflXGNWoRnLIs:l1pagR+NxRmVnoRLIs

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-29_6e24cfb074482688a2eb6e203e5faa98_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-29_6e24cfb074482688a2eb6e203e5faa98_icedid.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
      "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\2024-09-29_6e24cfb074482688a2eb6e203e5faa98_icedid.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2796
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4cc 0x308
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd
    Filesize

    13KB

    MD5

    5998932d737c2d3ed01c8300f6cb799d

    SHA1

    2b0a680c553a5069357d82d31e6859d33bc89e13

    SHA256

    edb406448f4fff3ec449389631797b4d57acff7f30434ad54ecd50504d629ad0

    SHA512

    ee5e2bf2b955b1d2bf7da18eb315cdb63f6bcfe625993882a1046de1eb81296f8ebb2f56b535e8fd0c3079afee4e81d77f05365ebfea8cad69c281d807b226f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\Logo-257-554-black-graphic.ico
    Filesize

    211KB

    MD5

    a0f905cf9ded69a296d9eac9db790ede

    SHA1

    164c8d907b308767714818fa206087be04e76663

    SHA256

    57226ad3848cc295c5a1fca957e05080ba231f04c501e5eb6912c08be3dcdaf3

    SHA512

    46554263c60e20c40de2e3b8decc9dfb47413444a1316c48030df8277d106e98e6cae2dc5122a94c406b5625859a221491ac654de43d493259cc814f9a817322

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
    Filesize

    2.8MB

    MD5

    c62b3d152add97d093cb23fcd55b2167

    SHA1

    196b85f64e03d01ca9365d2f7be752643995f897

    SHA256

    f5dc54eafe085cf0bf3202c0913a3b4e21a5443ad4bb1817055d4021dbaed231

    SHA512

    486fa4e96b6eeb62619b1b61bdcc66462d414f34f1ae9a651a7e181594c3c73a3864f59a054df0956a52721bfae1ad04b1dc5caffbe7c0badb5333270f4c3e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll
    Filesize

    327KB

    MD5

    50f1d9f2093914c7712068608f3d66f2

    SHA1

    c38c655526b9ba929f01259cd35abb65744448f0

    SHA256

    ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

    SHA512

    07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

    Download Submit

  • memory/2796-33-0x0000000000400000-0x0000000000AF9000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/2796-38-0x0000000000400000-0x0000000000AF9000-memory.dmp

    Filesize

    7.0MB

    Download