Analysis Overview
SHA256
5d6c8d03a1ed89a10d8cf5bbfe0a4d72773156acab8858caefc5593d3eb12719
Threat Level: Likely malicious
The file 2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Modifies Control Panel
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 00:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 00:32
Reported
2024-11-13 00:35
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
138s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe" | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pigdesk.bmp" | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javah.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Windows Media Player\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Windows Media Player\setup_wm.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msotd.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File created | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\TileWallpaper = "2" | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
C:\Program Files\7-Zip\Uninstall.exe
| Hash | Value |
| --- | --- |
| MD5 | b9efb7995e89d8b2b54b42a0e5b2940b |
| SHA1 | 7bd1dc0e4e6160c5cef8a4f99fd1efec63391356 |
| SHA256 | c0e6616719ecc5081ab36301f4e3e5245bc0f4c19bd4ce6a20aacf6be9cddf82 |
| SHA512 | 20c968e8df46150e5c155345a7a12c675f849b433a2d2f3f5780438dfd5ebdfd13d5519e897817a0ead2d0acc2b716f4651830289b2d1fb9c925a951a0a72a88 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 00:32
Reported
2024-11-13 00:35
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| File opened for modification | C:\windows\SysWOW64\drivers\spo0lve.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe" | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-13_82b960fed35ccb776874a4671a096eb9_hijackloader_icedid.exe"
Network
Files
C:\Program Files\7-Zip\Uninstall.exe
| Hash | Value |
| --- | --- |
| MD5 | b9efb7995e89d8b2b54b42a0e5b2940b |
| SHA1 | 7bd1dc0e4e6160c5cef8a4f99fd1efec63391356 |
| SHA256 | c0e6616719ecc5081ab36301f4e3e5245bc0f4c19bd4ce6a20aacf6be9cddf82 |
| SHA512 | 20c968e8df46150e5c155345a7a12c675f849b433a2d2f3f5780438dfd5ebdfd13d5519e897817a0ead2d0acc2b716f4651830289b2d1fb9c925a951a0a72a88 |