Overview
overview
10Static
static
1008751be484...2d.dll
windows10-2004-x64
100a9f79abd4...51.exe
windows10-2004-x64
30di3x.exe
windows10-2004-x64
102019-09-02...10.exe
windows10-2004-x64
102c01b00772...eb.exe
windows10-2004-x64
731.exe
windows10-2004-x64
103DMark 11 ...on.exe
windows10-2004-x64
342f9729255...61.exe
windows10-2004-x64
105da0116af4...18.exe
windows10-2004-x64
1069c56d12ed...6b.exe
windows10-2004-x64
10905d572f23...50.exe
windows10-2004-x64
10948340be97...54.exe
windows10-2004-x64
1095560f1a46...f9.dll
windows10-2004-x64
3Archive.zi...3e.exe
windows10-2004-x64
8DiskIntern...en.exe
windows10-2004-x64
3ForceOp 2....ce.exe
windows10-2004-x64
7HYDRA.exe
windows10-2004-x64
10KLwC6vii.exe
windows10-2004-x64
1Keygen.exe
windows10-2004-x64
10Lonelyscre...ox.exe
windows10-2004-x64
3LtHv0O2KZDK4M637.exe
windows10-2004-x64
10Magic_File...ja.exe
windows10-2004-x64
3OnlineInstaller.exe
windows10-2004-x64
8Remouse.Mi...cg.exe
windows10-2004-x64
3SecuriteIn...dE.exe
windows10-2004-x64
10SecuriteIn...ee.dll
windows10-2004-x64
10SecurityTa...up.exe
windows10-2004-x64
4Treasure.V...ox.exe
windows10-2004-x64
3VyprVPN.exe
windows10-2004-x64
10WSHSetup[1].exe
windows10-2004-x64
3Yard.dll
windows10-2004-x64
10b2bd3de3e5...2).exe
windows10-2004-x64
10Resubmissions
13-11-2024 23:34
241113-3kmbta1eqc 1013-11-2024 22:28
241113-2dpb6azme1 1011-11-2024 05:34
241111-f9w6zstjbz 1011-11-2024 03:05
241111-dlmlja1jbx 1011-11-2024 03:00
241111-dhk9aszrdz 1008-11-2024 08:59
241108-kx2cdssjdk 1008-11-2024 08:55
241108-kvvf3aymdw 10Analysis
-
max time kernel
1796s -
max time network
1802s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
11-11-2024 05:34
Static task
static1
Behavioral task
behavioral1
Sample
08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
0di3x.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
2019-09-02_22-41-10.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
31.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
3DMark 11 Advanced Edition.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
42f972925508a82236e8533567487761.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
Archive.zip__ccacaxs2tbz2t6ob3e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
DiskInternals_Uneraser_v5_keygen.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
ForceOp 2.8.7 - By RaiSence.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
HYDRA.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
KLwC6vii.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Keygen.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
Lonelyscreen.1.2.9.keygen.by.Paradox.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
LtHv0O2KZDK4M637.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
Magic_File_v3_keygen_by_KeygenNinja.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
OnlineInstaller.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
SecuriteInfo.com.Generic.mg.cde56cf0169830ee.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
SecurityTaskManager_Setup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
Treasure.Vault.3D.Screensaver.keygen.by.Paradox.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
VyprVPN.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
WSHSetup[1].exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Yard.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe
Resource
win10v2004-20241007-en
General
-
Target
-
Size
372KB
-
MD5
2c959a0f9af72398f115f839397c3396
-
SHA1
80b078a6b74a17e6147321f3b3104bf91b4262f2
-
SHA256
cc0c949be6493aa98619cd591e6b4a0488eef3227b53fbaeac4309fab9efd206
-
SHA512
511bd3992e5345c7d2b0a728f2f8ce7d18ebbc46ee41afaa4a6e4dfa937c28ca799361d286196b327e01df81981bfbc88b15ca1ad0d49fdaad46436e5735170c
-
SSDEEP
3072:/drfV7YqW8waq6ciakIC/BwdrZ4P8Y5gla79yQ1yAnYgoFC3Wxl2G7mr3HWJtRIn:FrV7YqW83q6ciH/B6QZn8nTI
Malware Config
Extracted
icedid
knockaddress.xyz
Signatures
-
Icedid family
-
IcedID First Stage Loader 2 IoCs
resource yara_rule behavioral25/memory/1856-0-0x00000000020D0000-0x00000000020D3000-memory.dmp IcedidFirstLoader behavioral25/memory/1856-1-0x00000000020E0000-0x00000000020E6000-memory.dmp IcedidFirstLoader -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language [email protected] -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1856 [email protected] 1856 [email protected]
Processes
-
C:\Users\Admin\AppData\Local\Temp\[email protected]"C:\Users\Admin\AppData\Local\Temp\[email protected]"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1856