Analysis Overview
SHA256
0aa8351c17ece55c2bcd53f5815ea91e28d51ce48bc5c9aff43bd15f60121d22
Threat Level: Likely malicious
The file 2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid was found to be: Likely malicious.
Malicious Activity Summary
CryptOne packer
Loads dropped DLL
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-30 10:59
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-30 10:59
Reported
2024-11-30 11:02
Platform
win7-20241023-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\1732964385\ISMBoard_Dll.dll
\Users\Admin\AppData\Local\Temp\1732964385\EIPBoardApp.dll
\Users\Admin\AppData\Local\Temp\1732964385\RelayBoardApp.dll
\Users\Admin\AppData\Local\Temp\1732964385\BaseBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-30 10:59
Reported
2024-11-30 11:02
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\1732964388\ISMBoard_Dll.dll
C:\Users\Admin\AppData\Local\Temp\1732964388\EIPBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\1732964388\BaseBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin
C:\Users\Admin\AppData\Local\Temp\1732964388\RelayBoardApp.dll
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin