Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/11/2024, 02:04

General

  • Target

    2024-11-26_eaaf8549a497048ddf9befeac6b7268f_hacktools_icedid.exe

  • Size

    15.1MB

  • MD5

    eaaf8549a497048ddf9befeac6b7268f

  • SHA1

    22272c76e80277334348b6edd66c95faf5c70e09

  • SHA256

    93aabd0c0381dd0289c87ef735522b68ce77bec2b866a4fb5323d0e59727e4c1

  • SHA512

    369588fe6ffd74cbb9ebfef824eb24896cfa886a0b6e9479091323ab57b324bf31cef559226b6ba5573a9068bb9eb5baa6a9f6b6103375743fce7f1363a3a9bf

  • SSDEEP

    196608:CbeQi8y2YY6B1/FNtUgmAiX2g9wnQDlHZHDLqa8b/kYwRqXPpkx+nWi4jCu+j9:Ci8y2X6B7diGg9wnA5jLP+6okxWdu+p

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-26_eaaf8549a497048ddf9befeac6b7268f_hacktools_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-26_eaaf8549a497048ddf9befeac6b7268f_hacktools_icedid.exe"
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \ÌìÁúСÃÛ\ÔËÐÐÎļþ\QYCJ.dll

    Filesize

    3.0MB

    MD5

    54da9cb20347baec926b6678f8efb3ab

    SHA1

    18ca10861aa561c56666270cca7fd44c73c28d72

    SHA256

    038675d5ee0b22a17a12646ba9cf3fcffd0a2acfb712c1953102671774a82390

    SHA512

    e4608ef1875e2dd46c1352d5e750178ce439725a6b190d37a14decb7e960428841ea3ef5e17488226f9bcfc6d58793cb254f142ba4f54cd316c9cbee50cae77b

  • memory/3012-19-0x0000000003220000-0x0000000003320000-memory.dmp

    Filesize

    1024KB

  • memory/3012-30-0x0000000004AE1000-0x0000000004DBC000-memory.dmp

    Filesize

    2.9MB

  • memory/3012-28-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

  • memory/3012-26-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

  • memory/3012-24-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

  • memory/3012-29-0x0000000004A70000-0x00000000050BC000-memory.dmp

    Filesize

    6.3MB

  • memory/3012-32-0x0000000004A70000-0x00000000050BC000-memory.dmp

    Filesize

    6.3MB

  • memory/3012-39-0x0000000004AE1000-0x0000000004DBC000-memory.dmp

    Filesize

    2.9MB

  • memory/3012-40-0x0000000004A70000-0x00000000050BC000-memory.dmp

    Filesize

    6.3MB