Malware Analysis Report

2025-03-15 08:12

Sample ID: 241016-jn6ebavanr
Target: 2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid
SHA256: fb9ae84a92043881f12b83e048e6f4f2399317d0d5aba79570bcc4e7d7f91ea9
Tags: discovery persistence ransomware
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256

fb9ae84a92043881f12b83e048e6f4f2399317d0d5aba79570bcc4e7d7f91ea9

Threat Level: Likely malicious

The file 2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence ransomware

Drops file in Drivers directory

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies Control Panel

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:49

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:49

Reported

2024-10-16 07:52

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe"

Signatures

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Journal\Journal.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Sidebar\sidebar.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\InstallStart.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Defender\MpCmdRun.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\WMPDMC.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\ImagingDevices.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpnscfg.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\ktab.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Defender\MSASCui.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\WMPSideShowGadget.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Mail\WinMail.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\unpack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A (25 identical rows)

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe"

Network

N/A

Files

C:\Program Files\7-Zip\Uninstall.exe

MD5 6f3974a59d6d457b85c3c64b65ea77ae
SHA1 418b6279983e7ac467fad0fb86d6263c6cdb8c38
SHA256 08ed90627d48bc94edf6c96099254c3a0745ebc4c40407411fb7a3b82a16e57f
SHA512 87c7aee0f86e8bd0ae8bcb972335c04c123896c92a8d183cdf470ee34ec15b8ab13b625bb45f58c21d7155847eaefd12d65885017c8b1781b2933833e74e3282

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:49

Reported

2024-10-16 07:52

Platform

win10v2004-20241007-en

Max time kernel

138s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe"

Signatures

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pigdesk.bmp" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\idlj.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\wmprph.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Mail\wab.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoia.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msotd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\wmplayer.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Internet Explorer\iexplore.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Windows Media Player\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File created | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoev.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Modifies Control Panel

evasion
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\TileWallpaper = "2" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3a0847b6b5bee6bc9b4a9be6121e6e5e_icedid.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\7-Zip\Uninstall.exe

MD5 6f3974a59d6d457b85c3c64b65ea77ae
SHA1 418b6279983e7ac467fad0fb86d6263c6cdb8c38
SHA256 08ed90627d48bc94edf6c96099254c3a0745ebc4c40407411fb7a3b82a16e57f
SHA512 87c7aee0f86e8bd0ae8bcb972335c04c123896c92a8d183cdf470ee34ec15b8ab13b625bb45f58c21d7155847eaefd12d65885017c8b1781b2933833e74e3282