Malware Analysis Report

2025-01-23 13:14

Sample ID: 241130-m3rfgsskey
Target: 2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid
SHA256: 0aa8351c17ece55c2bcd53f5815ea91e28d51ce48bc5c9aff43bd15f60121d22
Tags: cryptone, packer, discovery
Score: 9/10

Analysis Overview

Score: 9/10
SHA256: 0aa8351c17ece55c2bcd53f5815ea91e28d51ce48bc5c9aff43bd15f60121d22
Threat Level: Likely malicious

The file 2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid was found to be: Likely malicious.

Malicious Activity Summary

Tags: cryptone, packer, discovery

CryptOne packer

Loads dropped DLL

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-30 10:59

Signatures

CryptOne packer (tag: cryptone packer)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-30 10:59
Reported: 2024-11-30 11:02
Platform: win7-20241023-en
Max time kernel: 120s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\1732964385\ISMBoard_Dll.dll
\Users\Admin\AppData\Local\Temp\1732964385\EIPBoardApp.dll
\Users\Admin\AppData\Local\Temp\1732964385\RelayBoardApp.dll
\Users\Admin\AppData\Local\Temp\1732964385\BaseBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-30 10:59
Reported: 2024-11-30 11:02
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 120.150.79.40.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\1732964388\ISMBoard_Dll.dll
C:\Users\Admin\AppData\Local\Temp\1732964388\EIPBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\1732964388\BaseBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\1732964388\RelayBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin