Overview

overview

10

Static

static

10

2024-10-09...id.exe

windows7-x64

7

2024-10-09...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2024 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-09_b55f2bc8b45700879406c5e3084629a8_backswap_icedid.exe

  • Size

    2.6MB

  • MD5

    b55f2bc8b45700879406c5e3084629a8

  • SHA1

    e999efbd804a701ffdafee59665556908c8dd215

  • SHA256

    a6d4eb7ccabfb8f39adc6addf568297ad3ad718a024ce1b1d19be55c68c06451

  • SHA512

    9c43f5b176a31593d6c881aa5a01f11861c0f193e805854b0c78df34ff69a9ddd04d3dbf3edf1c55ee9b103bb1b2d928966e680a6e7a23029fef5ac651a75cfe

  • SSDEEP

    24576:5nWYXDaHMv6CorjqnyPQGzh0JONZejOuC+e4mOzrvxiI3ENyesg/jHLxQVIxX6LI:tl1vqjdPQRw/D4mizA0dizLrB51vR

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NTFS ADS 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-09_b55f2bc8b45700879406c5e3084629a8_backswap_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-09_b55f2bc8b45700879406c5e3084629a8_backswap_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Program Files\64Âë¸ßÇåÍøÂçµçÊÓv2.4.2.exe
      "C:\Program Files\64Âë¸ßÇåÍøÂçµçÊÓv2.4.2.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3616
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 C:\WINDOWS\Media\ActiveX.ocx /s
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\64Âë¸ßÇåÍøÂçµçÊÓv2.4.2.exe
    Filesize

    642KB

    MD5

    d871f2c4088b8b4044a06352378e5f47

    SHA1

    1ac52a4fa15aaee20307c475ff0ef95351418074

    SHA256

    bfc4f31183a35555e19d2095a743129b20949acbcb5ea43a5fbfaa0b7e624bfa

    SHA512

    294a0cc0d8f89b077821ed97891dc693bdb6dd3f7b4436840f78e5663ece817cf6400d782f31ae33b8fdbbffa9c1691e2411fc9240d2100c2c1e2a4be71b2d68

    Download Submit

  • C:\WINDOWS\Media\ActiveX.ocx
    Filesize

    12B

    MD5

    df18cc24f77c65c4b441e74e68acb197

    SHA1

    10c922398850edcffce9b62bf442931891b9e3c0

    SHA256

    e72bc52f1b55066c5cc81a73d26d890cec11be7ff34fcab72e012c2e22364b05

    SHA512

    7809df12555abf3c4727cb86cdd198a2e4531adca79be208870fbc21a70af924b69dfc9ad86843d4b488c985d9b6fc4759285894ece0214ae3252595ab08fea6

    Download Submit