Analysis
-
max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
09-10-2024 15:26
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
-
Size
3.5MB
-
MD5
bfbef9046b440830dd7d1938b448a7dc
-
SHA1
0c1d1ad2b48a9fcf131abac0e3a75416ae3dd54d
-
SHA256
c8d3aa45bda496a0882db054b685bd5ed2f08f59fd95269ede0ccbd6f1be2642
-
SHA512
97f8e647bedfcf8b0304498842cf4b8b48298e19a2c5e990facf27d3dc2351598498d7236c8179d32557301e1f61f62ba5b301af0d283a681ceff2d9f14bab9a
-
SSDEEP
49152:EXAzKCBPHUUKT4PMCGJGHGHPS88ZK+QGLj98XgaScqIAttN7D/fCIv6FvI+9m:f7sU04PMJsI8jQGLyXgq1a3lh
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
Suspicious behavior: EnumeratesProcesses 30 IoCs
pid | Process
2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe (30 occurrences)
Suspicious use of SetWindowsHookEx 5 IoCs
pid | Process
2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
2768 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2108 wrote to memory of 2768 | 2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe | 30
PID 2108 wrote to memory of 2768 | 2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe | 30
PID 2108 wrote to memory of 2768 | 2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe | 30
PID 2108 wrote to memory of 2768 | 2108 | 2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe | 30
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe"
   PID: 2108
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe" RunSendSoftOnlineInfo
      PID: 2768 (child of PID 2108)
      - System Location Discovery: System Language Discovery
      - Suspicious use of SetWindowsHookEx
-
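As an added example (not part of the sandbox report and not code from the sample), the Python below turns the two behaviours recorded above into detection logic: a registry open of the NLS\Language key, and a parent process that spawns a second copy of its own image and then writes into that child's memory (the PID 2108 to PID 2768 chain). It runs over a constructed event stream modelled on the IoCs in this report, not on real sandbox output. The event field names, the widening of the key match to any control set and to NLS\Locale, and the T1055 (Process Injection) mapping for the memory-write chain are this example's assumptions; T1614.001 is the ATT&CK ID for the report's own "System Location Discovery: System Language Discovery" tag.

```python
import re
from collections import defaultdict

SAMPLE = "2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe"

# Constructed event stream modelled on the report's IoCs (not sandbox output).
# Field names are this example's own; adapt them to your telemetry schema.
EVENTS = [
    {"type": "process_create", "pid": 2108, "ppid": 1000, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}"'},
    {"type": "reg_open", "pid": 2108,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"type": "process_create", "pid": 2768, "ppid": 2108, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}" RunSendSoftOnlineInfo'},
    {"type": "write_process_memory", "pid": 2108, "target_pid": 2768},
    {"type": "write_process_memory", "pid": 2108, "target_pid": 2768},
    {"type": "write_process_memory", "pid": 2108, "target_pid": 2768},
    {"type": "write_process_memory", "pid": 2108, "target_pid": 2768},
    {"type": "reg_open", "pid": 2768,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    # Benign noise that must not fire (constructed).
    {"type": "reg_open", "pid": 2768,
     "key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"},
    {"type": "process_create", "pid": 3000, "ppid": 2108, "image": "notepad.exe",
     "cmdline": "notepad.exe"},
]

# Assumption: match the NLS\Language key under any control set, and also
# NLS\Locale, which the same discovery technique typically reads.
NLS_KEY = re.compile(
    r"\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Control\\NLS\\(Language|Locale)\b",
    re.IGNORECASE,
)


def language_discovery(events):
    """Return (pid, key) for every registry open touching the NLS language/locale keys."""
    return [(e["pid"], e["key"]) for e in events
            if e["type"] == "reg_open" and NLS_KEY.search(e["key"])]


def self_injection_chains(events):
    """Find parent -> child pairs where the parent spawned a child running the same
    image and then wrote into that child's memory (the 2108 -> 2768 chain)."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    writes = defaultdict(int)
    for e in events:
        if e["type"] == "write_process_memory":
            writes[(e["pid"], e["target_pid"])] += 1
    chains = []
    for (src, dst), count in writes.items():
        parent, child = procs.get(src), procs.get(dst)
        if parent is None or child is None:
            continue
        if child["ppid"] == src and child["image"].lower() == parent["image"].lower():
            chains.append({"parent": src, "child": dst, "writes": count,
                           "child_cmdline": child["cmdline"]})
    return chains


def attack_mapping(events):
    """Map findings to ATT&CK IDs. T1614.001 is the report's own technique tag;
    T1055 for the parent-to-child memory writes is this example's assumption."""
    techniques = set()
    if language_discovery(events):
        techniques.add("T1614.001")
    if self_injection_chains(events):
        techniques.add("T1055")
    return sorted(techniques)


if __name__ == "__main__":
    for pid, key in language_discovery(EVENTS):
        print(f"[T1614.001] pid {pid} opened {key}")
    for c in self_injection_chains(EVENTS):
        print(f"[T1055?] {c['parent']} wrote {c['writes']}x into child "
              f"{c['child']} ({c['child_cmdline']})")
    print("ATT&CK:", attack_mapping(EVENTS))
```

The self-injection check deliberately requires all three conditions (same image, direct parent, at least one memory write) so that the benign notepad.exe child in the constructed stream does not fire; a single NLS\Language read on its own is weak evidence, since legitimate installers read it too, and is best scored together with the process chain.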
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
36B
MD5
5a827b59f2db9c0bbd8291cc2a990074
SHA1
db0cef5fc216f6130937aec826f2bc20f65f28c1
SHA256
2b6fa068c455868a0bde1bf32813b733140a4efaa4f78cc7f77c86d4e0753fc7
SHA512
d5fbd20814151a1cc8ef446cf717241d8fcb951f6ce53b18e4f224400f91ee2f575a0985b57728867b95a101c580bb43c339dfca03c91e90fb3cd52f0eeb093e
-
Filesize
34B
MD5
8e9624b64e11f14aa14cf2c6804fed15
SHA1
f49d9610865501f8c4f282979a96905b95b09e2d
SHA256
485c32595d61ee4da3eae295aa8e4d389ca6adc36e92bcab4f3fefe3266fd9c5
SHA512
345dcd30fe3690d1d623ecd1c5392d5fb54e337a9062ca9076e7ef77d151922832be0fdc863a3b0c91133d3b75269948a6c9eb6c4d082d5a4be511b4b736c46e