Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-10-2024 15:26

General

  • Target

    2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe

  • Size

    3.5MB

  • MD5

    bfbef9046b440830dd7d1938b448a7dc

  • SHA1

    0c1d1ad2b48a9fcf131abac0e3a75416ae3dd54d

  • SHA256

    c8d3aa45bda496a0882db054b685bd5ed2f08f59fd95269ede0ccbd6f1be2642

  • SHA512

    97f8e647bedfcf8b0304498842cf4b8b48298e19a2c5e990facf27d3dc2351598498d7236c8179d32557301e1f61f62ba5b301af0d283a681ceff2d9f14bab9a

  • SSDEEP

    49152:EXAzKCBPHUUKT4PMCGJGHGHPS88ZK+QGLj98XgaScqIAttN7D/fCIv6FvI+9m:f7sU04PMJsI8jQGLyXgq1a3lh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-10-09_bfbef9046b440830dd7d1938b448a7dc_icedid.exe" RunSendSoftOnlineInfo
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Config.ini

    Filesize

    36B

    MD5

    5a827b59f2db9c0bbd8291cc2a990074

    SHA1

    db0cef5fc216f6130937aec826f2bc20f65f28c1

    SHA256

    2b6fa068c455868a0bde1bf32813b733140a4efaa4f78cc7f77c86d4e0753fc7

    SHA512

    d5fbd20814151a1cc8ef446cf717241d8fcb951f6ce53b18e4f224400f91ee2f575a0985b57728867b95a101c580bb43c339dfca03c91e90fb3cd52f0eeb093e

  • C:\Users\Admin\AppData\Local\Temp\SoftApp.ini

    Filesize

    34B

    MD5

    8e9624b64e11f14aa14cf2c6804fed15

    SHA1

    f49d9610865501f8c4f282979a96905b95b09e2d

    SHA256

    485c32595d61ee4da3eae295aa8e4d389ca6adc36e92bcab4f3fefe3266fd9c5

    SHA512

    345dcd30fe3690d1d623ecd1c5392d5fb54e337a9062ca9076e7ef77d151922832be0fdc863a3b0c91133d3b75269948a6c9eb6c4d082d5a4be511b4b736c46e