Overview

overview

10

Static

static

1

2024-11-10...id.exe

windows7-x64

10

2024-11-10...id.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-11-2024 12:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-10_057af579341f7dab6a2e3d1aad30b017_floxif_icedid.exe

  • Size

    3.1MB

  • MD5

    057af579341f7dab6a2e3d1aad30b017

  • SHA1

    d13b1d225bdb0b3064b214000ae793ccd2153820

  • SHA256

    8d07ed94bf6e795ea7b2555b75e7b2eda604a222f2cff44b3be9a5d7112ca16c

  • SHA512

    b8beb340c031b7c3b12f8f55dc826708b556b9a3f7aa2fd121a6edbee7fc37cb521a6a93781191d537b2f29d97b6e1160aa2bcb31faf2cc9f4c2865751943355

  • SSDEEP

    49152:SfrD6b23aNJS8tljeFmmTtJ/405uP6Gs414+91:Sv663aNT3jeFmmtJ/4YuP6GVX1

Score
10/10
floxifadwarebackdoordiscoveryevasionpersistencestealertrojanupx

Malware Config

Signatures

  • Floxif family
    floxif
  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif
  • Detects Floxif payload 1 IoCs
    backdoor
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Modifies registry class 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-10_057af579341f7dab6a2e3d1aad30b017_floxif_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-10_057af579341f7dab6a2e3d1aad30b017_floxif_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Enumerates connected drives
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.internetdownloadmanager.com/welcome.html?v=519b2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3547f11964fcbf0a5401155b96545b21

    SHA1

    05a5387ec5c51c49807106cbc8bf85707c3229f5

    SHA256

    a968aa2a8867adc16ff6753d94176bf818aca19cedc77e05f5c0330a2749a922

    SHA512

    36ae0ba92a320544e295abd7156ffafdf8fdec187ff6bc5a397f7d2ed23791991f470fe9ddae535fa431e29169c8b4aaa016a2a24c0277a1e975c1b0e86b0710

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de6c05bdcc6478479ed80cbe4d7c738f

    SHA1

    3af6424d49b726bfce3f9c290df248c3f7528970

    SHA256

    0a86b2a8d5a5755b00d486100b2c01880fd3d9bdbb61e172948a90fc3808db23

    SHA512

    7e03cc35b0528aa8126e65ba46b0a3b7a9d9191ded79346b87079308e62260fcd98f04b8357c33e8d4a1791f5564b0a7b4e6f286148d98cf5b4071c89e7ea9e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e981ea6c9f5996e24ddc9def50c86ce1

    SHA1

    3fb60f65dbdd194b07ecedd1c2f9a63921d117de

    SHA256

    13793846919fd9bb5a2b32bb727321c2bd0d5ccd3b1c5084c7b4d1f8f565b8e1

    SHA512

    b2fbbe665e12421b558d5e0f806841e1d6f1e87384f19ff9594517eb3cba488ef60ca08755824fbe28a89151bce58d563cf4db15d6539c716ae9abbead2c69d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70218b5d991df7c6e8b4eb20c2c01cd0

    SHA1

    43a9f1534d5b20aa5be5f04f452e01ac14049533

    SHA256

    8399a4f6661a9b0625c4124e4ec05dd38a3a23dff127561f28585443c22f0de3

    SHA512

    07766bbebe3690ea17f51de734a96ad3aacdf8b8910e1a40e9f7c1bf094a92732279eb08da7039ba6b9f44f148b69de739559c87ce331337ea710d02427c9eac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f208c879ac25c3ae31cf94c076bf2e51

    SHA1

    92294c8f36965a3860c8e1d98272a2b7117303a8

    SHA256

    7717b248b203e7532e0713bd76cca9357a6ed052de0ddf37a676eb02614535c1

    SHA512

    66d8563ea75017bc1a59cd5638e0814ee855949d32d59dd47ffec31b2e2f0cc669580ccfd660a0fe2454128ed1cdc6903e6ff43f64c12ecfcc01ae2670ba212d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e76bfa6d8b60bd56ac7eba9f2a0d025

    SHA1

    6435d7f3ab6f52eb384479dffa4687e26d41117a

    SHA256

    06c8b4da88fa71a3e6240a5eed688730b68925002e942209df2414fb9e3c3e33

    SHA512

    87ebaf595e4450ff1ab5f0940987d5d9cdbe568cd13dc4966e1138a97d9942e12258683eb7eaa39e81c7965d9db6044352b34bb48e72602eee4f27d5ed502d82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    984550688a37be935cb82968f5600dd4

    SHA1

    cdb55328f9a8f06a78b8d7070056c87d56660c5f

    SHA256

    bafd14d3ddf4e66008933f43600c608afb367191be6930e325db04d2e075c7b6

    SHA512

    01a77a3d046be0282f4fa442f3cd0833b63f3c1dd226c16ff82ea4173b06113315facad68e11986b81460c038d055f93d8746a629a196a636138c34f3c9255f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f38f0e19eb643a96882e6c225743aaa2

    SHA1

    97433f8b652f859593ec119d6949a1121442e951

    SHA256

    02aa3cd13dbbdbbee0976742c8ae9eb588cce38853dad0684bd7721d7df8b0a8

    SHA512

    caaa27eb17c19f42794536ec35ea38a18e2282c63d588c74c2e34eff8b43cba57c0f5658683de0a32d530fe9596bbd181a26ddf0cc3683e03380d770465edbce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79f0ab46108d47d63545caf7ee18df1d

    SHA1

    362421d971c52e890a8ffd13a0d9a1f91e451976

    SHA256

    a45010071b09fba9075cf6dd402baa1e3af11d1a8b2864884905393daffe7a47

    SHA512

    23d875182d546ede5abe01d5d80e240138d6462a9657a35922e872a46679467e0af1d305c6f914369a26ada8a1033c1151d9926e49035b7ff1c4b8d958c66940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0f4c3e846ed37058698fc5b21ca4f19

    SHA1

    fc7b43a1f25c753b11b969850dd6d5a3306f380f

    SHA256

    287ece3a84f9207c91b334558fa59b007e4d59d6192e115f26ac1f37f293854f

    SHA512

    6fe0fc4b3bd052a24006622b278d264cd626668cd27d5467bea6f9e7aaf2201aa2e6fb178eee156c74103864e5aa37d51a76d0fe5c8030ac48ebb37fa9dff044

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34b64dd68aaedbff390a56824ca8b356

    SHA1

    943bcb393776a20b24a9f53d3d68644bee50620e

    SHA256

    a9309abc2a072e50b2a86fe36941d515686a3b04df00159d690cf3a80f1d1776

    SHA512

    070ffbb4c0a5a6ca581bd126084f9210089e12dc187e2325c3fd4d5626cbc1c7eeca6f8209b20bb74cb6a96012c8c84793432182650317fcd1a5fbf7c531b5fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40566e5929c3e48b76dba396182f5726

    SHA1

    6690b67499e8ca30612a80eda625797d6f715d1c

    SHA256

    126d848dd5c833c0cfa7c76ad5dd7119d34309ec801c85a7c35e7e830d3fe254

    SHA512

    f235b7388ef930174cec678e0135686be1dd02c8cf01b0d8ae9a61000d43a1afea27e59b091f96d19b0c00aef921cf6083b0bd5d14394cd3273f2af04d7a4c9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f99802102aa04d41ce0316d6bc37f7a7

    SHA1

    fb8b5a632b2c0b633359468a3235bba786e43c29

    SHA256

    b76be72dadb335a86df9c9b4a645475839f22dfa90092e81bf73d500f9c271c9

    SHA512

    dde1285687007bcc95358ed0bb2ceae243520f6421322eff96b9e9bb5c7eea418e68072c40515b10fa0754ed9425eacda1c9ea1f17ac6167a676c2dad7b08821

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c878cce2926175ad09d10c236e0b480

    SHA1

    3a47bfa97369b91b6ff99d4a20047093dcd0b2e5

    SHA256

    a1ade53d917846a2c02226a4dada89bb7e3e6f5b4a51c220fd3406a6fd40dbdb

    SHA512

    9baa1ae5b5cdf965a68b8afe6da30fe6612c378b15be2fe64a8da3d4aba7822c9d6c8678d2f0523ed231307561ca3179dbc0e3c31d98ed737830e43afbb233e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28cc27d1cb4c748299809987a15f148f

    SHA1

    a7858525639dc1e57629abe7716d988380ef3143

    SHA256

    7c266374e2768516e03d2eaf1b83e09664f8f4d57f14bd859da6a15f26dfa27b

    SHA512

    d33935bd9df41519d128db3a2bc4db31b62158b7e3c06fa7691a1ce03ad1d17e614a756f461bfafa9428fa67e2eefe6c9749bceae795daa29d4b515db79315a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7150a0f401119cf34775b0cb224018e

    SHA1

    e4ac3faac64740da5241cafe2d15159797f3facb

    SHA256

    a22cd95e77df8326e92255a05a1367022b5f14f5cc38d44829c6fc39fe9e8f87

    SHA512

    676f12e35cf572da900ce148f056571ea04111d12237829b157123f10b3820bc41b1b65455781995319b1057a6b3314ff0f828fed251b692f9015d5f238c1878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6d4cacf3b3183bed5776c74a6204342

    SHA1

    9e6c48f4b44ca48bb8dff6b250e98fd367a6ebfc

    SHA256

    b8e6828083a85cab35fb66eb162b7c2f470f6b62b4b9a1f2af2c837630d7d4d1

    SHA512

    2c11a2eddfbff1e853802c490b703d9d56168ad98a37f2cb51879f6662a1effc483b1dcd8022994e48c1a890e49ab315f0d0d4d6c5b77e3a3a18e440f1e97a4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1add86d1811749bc722e41b80d36332

    SHA1

    62ed1ca57a1c50a0b6c7a73f1f9af5bb42f6b175

    SHA256

    4234c19fec04e51705f2cc8c6ce835df2f75362cbc5d9b1cb14e4140c684f986

    SHA512

    cadd14104db1a58eeeb7a3ef2468f6100f279ddff0e763ba5f2a2bd1f5c8cc1d5e79a446b15eb25668d819714526af937b9838d0e8710081269f8a2b4fd83192

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab89A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8DC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmbc_1\idmmbc_1.log
    Filesize

    303B

    MD5

    088e5c65c4048c1a2c928cd3ae0a9ab8

    SHA1

    fba46a27c41c2099696dfa04a974bd838fd91a0a

    SHA256

    9327af3a9c3cfddfe6cf2f722a89b870247b8c0220f9776752eec91abcff35ca

    SHA512

    e4ce9e7bc6152e6e8bf043c5006b3c0c113c7106d71a368f7b529f092397f98bf068000e0582cf29d7511dbb80d5f7036bcdec6d5596a04d8a42fed337f13d73

    Download Submit

  • \Program Files\Common Files\System\symsrv.dll
    Filesize

    67KB

    MD5

    7574cf2c64f35161ab1292e2f532aabf

    SHA1

    14ba3fa927a06224dfe587014299e834def4644f

    SHA256

    de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

    SHA512

    4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

    Download Submit

  • memory/2864-3-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2864-293-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2864-292-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2864-309-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download