Analysis
max time kernel: 95s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 03-10-2024 09:45
Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Resource: win7-20240903-en
General
Target: 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Size: 582KB
MD5: 0934b9a61a2769f2233ccbd6a7eb5f6b
SHA1: 2e504f11bfb24ad26034bd746b0a90174fdfe92e
SHA256: a5293cee0ae95f6b29d38b95199f982e01982fa9bc70d323f23fd5df1aca6104
SHA512: 57366bb240e940cd70559318901efe73e2e6ee251b2d0f3da5a5a2d87115105f663b2e89cb27bd5a82c893f2a9b69f3d0c8061287f925b9a3587c3badb11c4ed
SSDEEP: 12288:egJwz2jLCJj2Og5jzEY0LfOR97uSipht9ZZG501sg6p7k:egJpjLCAOIzEYBb7uSmt9ZZG21wk
Malware Config
Signatures
Reads user/profile data of web browsers  3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
System Location Discovery: System Language Discovery  1 TTPs  1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Suspicious behavior: EnumeratesProcesses  2 IoCs
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Suspicious use of FindShellTrayWindow  1 IoCs
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Suspicious use of SendNotifyMessage  1 IoCs
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Suspicious use of SetWindowsHookEx  4 IoCs
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
pid 904  Process 2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2024-10-03_0934b9a61a2769f2233ccbd6a7eb5f6b_icedid.exe"
PID: 904
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx