4a417f62a755bf5e0b2721b6d40fbf82fe925f0ee68e4fde8ba56c15aaa00f51

Resubmissions

29-11-2024 09:15

241129-k73cfaxlfz 10

31-08-2024 21:23

240831-z8h3hswela 8

Analysis

max time kernel
30s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
Size

10.0MB
MD5

2852198f3ef4c8bdd1ea978ed82591e3
SHA1

717992777e1d521822df536742ee213f373596c3
SHA256

4a417f62a755bf5e0b2721b6d40fbf82fe925f0ee68e4fde8ba56c15aaa00f51
SHA512

edcc3bd01f993e9ff509f5457e13d995b4ae854b30e67fe1c59f2e70b3fef532849d01fb81b0c83ca7cf121c40422e29b73d5b6a12bf8daaa9b5e793fa3169e4
SSDEEP

196608:Oky3BgLy6ipLtOPAr8pY/7ZBPVKpKevWp/:Ix2yNZ//N92KeOl

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

pid	Process
532	2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
532	2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

pid	Process
532	2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
532	2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
532	2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E2EECore.3.3.9.dll

Filesize
10.6MB

MD5
50c266e46ccf9bc8956279f78d51f205

SHA1
0ba5b98a91a9a019cd9b87cf01796c65ee6a0839

SHA256
c58e066a293ff260037487d37e37bf3d890c16383d817c7573dab51c514cbd00

SHA512
7350a82820faeba3172fad3d87b04c6a2967b797a321a78a53e7156c37fed4661a66d2f78e2f3ddbcbc0d10a56f5d761f7eb761f05d2841568b34841c17e0d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\ee\Plugins\rdjson.dll

Filesize
192KB

MD5
2244857ed4d33e3ab8b32c1a09eaff39

SHA1
9af9d5bc1be9c202471075b5222500c409428fd0

SHA256
e345f88529b2337bb2719550985a049c61a6bca84c113c7b07f7ec5313446f7d

SHA512
c88af689b603c22dac0be5cdb0922d0bb58325ee57d736b6fa090e967704edb5fa535100149fd5d02ac764ab32b0ccea99310dd28101ffc907a58414e8867590

Download Submit