Malware Analysis Report

2025-01-23 12:51

Sample ID: 241130-m6s4gsslbw
Target: 2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid
SHA256: 0aa8351c17ece55c2bcd53f5815ea91e28d51ce48bc5c9aff43bd15f60121d22
Tags: discovery, cryptone, packer
Score: 9/10


Analysis Overview

Score: 9/10

SHA256: 0aa8351c17ece55c2bcd53f5815ea91e28d51ce48bc5c9aff43bd15f60121d22

Threat Level: Likely malicious

The file 2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, cryptone, packer

CryptOne packer

Loads dropped DLL

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-11-30 11:05

Signatures

CryptOne packer (tags: cryptone, packer)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-30 11:05
Reported: 2024-11-30 11:07
Platform: win10v2004-20241007-en
Max time kernel: 94s
Max time network: 141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   232.168.11.51.in-addr.arpa    udp
US       8.8.8.8:53   69.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53   154.239.44.20.in-addr.arpa    udp
US       8.8.8.8:53   241.42.69.40.in-addr.arpa     udp
US       8.8.8.8:53   56.163.245.4.in-addr.arpa     udp
US       8.8.8.8:53   88.210.23.2.in-addr.arpa      udp
US       8.8.8.8:53   30.243.111.52.in-addr.arpa    udp

Files

C:\Users\Admin\AppData\Local\Temp\1732964707\ISMBoard_Dll.dll

MD5 0d7510289192713839c6e7e49f1458b7
SHA1 cfd1ea8aac366f018f8b01ba5e4e4300f77af645
SHA256 021725bff9da2c588a0ee269959931603f1731a727707348bb6169df33f23230
SHA512 6fca284c0458766354aeb7d644aaa4a192034a27af1dcdfaea18c7739fdbd034d0dd51bcb824c34b6365a09fe26ce0d71bbf24a04a70bed3d1ea8f0af4438c46

C:\Users\Admin\AppData\Local\Temp\1732964707\EIPBoardApp.dll

MD5 bcc3444397348d4717ab2abc0faf301b
SHA1 442dfd88f5e2b4bf5a9d02c9e1410f3dfec83b85
SHA256 d88aca417dab53cc6ff063348b7c3c0eec4f8b3d734a47cd62a7c83314b651e3
SHA512 ac979f2d13d0abfcf65972a871ae525c6030d657d25932b6af88a192bf8299eba2a86656afb2a71054f111949503faf2005301e45456717f731974073f3e8b66

C:\Users\Admin\AppData\Local\Temp\1732964707\RelayBoardApp.dll

MD5 0b40771328e774a74c4581f0f4e7ecd4
SHA1 9fecca657f14f5dad8b61602509dd528290e1eda
SHA256 e20060a9406b926fc8f2eaa654e1f09de3ee20136372f09f40020053456267cc
SHA512 2dbbe3b260d25125c26122168fecca7a2d5f0eff4ff90a09372fc577bdfb97b51d2f02720c62171979cd3a7dc2d1113c3ec7c4900e10741a6d5fc8f7a7d33791

C:\Users\Admin\AppData\Local\Temp\1732964707\BaseBoardApp.dll

MD5 8528034008232d7c88cc9611db008452
SHA1 b54e494160e0f6fd62fc3912834b0f0b874a3597
SHA256 ede73dce160e0121e411e6f55d0c8f61e8d74eccc817ad8f006da2e20b660858
SHA512 a0e0d5af1af41b54b0ef2a86531d31eaad4ec8f7844f5b1b28f0f2bce27f3b11a19cc8448291c944eb3ec1099fff5dc7e6b4d178e71c4d84f4f42c3842cf0968

C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin

MD5 588c4d4eeaf7d8844703994502d8ac42
SHA1 dbebec220e2e56ad77a60acf0a2fc35a0271803e
SHA256 80372f96125b99972547aa5836341477137d5affd204c0d43a2554e8cb6f64cc
SHA512 2a3bf4011243b9443af0cf5e713d3a5c1694fadb5b4e2e097dc7be76a200d4aa86d407bb62d233fc981f664f34fba83758dc8de0bc7b90a1a977d01a52edbfbf

C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin

MD5 e079391d7bb4c6c09feed9c50c162a1b
SHA1 7cee144d34c32ddee433ec0244ae72d8cdc47b76
SHA256 9c892012cbeaa9f01238350cb90fb9c03f59bee6229969f3e6085de213b926bb
SHA512 beede4a80d5d07a67559b94e8aa40db304a72d8674877a90e9073b13741288057ad8df52cb93405faccba7e2e2b82645be88e6b1363dda3f3078ce4eeaa544a5

C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

MD5 cc54c848513b2f16a7916281a7fff0e8
SHA1 a1a5a7627934fbe08169706894287a8149ef0c1d
SHA256 937469a56936e28868f28cf125dc48d143e98cb6ca6e12ac14eca46d016f6712
SHA512 ba2e234945291249a51a12e6b4c3824451b89e6ec49a2e12c0aa66e7d621609835a3446d704a5ca0542c5bcc0476c99188543db26a83bc908ea4128985581134

C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin

MD5 b97680f3dbae582562b7dd7dc2fc076d
SHA1 ce06aa2a20791e9fa640fe974539eb18b09c9efe
SHA256 637078aa98ac559352f6020c8cf20d5cde3afb4e231e1f819fb562570b4ce7db
SHA512 b4619173385f57f0fc6c1746416b54d68f42ed681638b5e1e8ca3d758afccadf95ef483e2557ab7b89ffeb7c4736190dfb5b1110fc251b1bcbe4e1f6eedcf5bc

C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin

MD5 51c491702d77ddd95f74469c3b7b992a
SHA1 d2780ef2dd343dc15894b4334d359d48ef82f260
SHA256 9d984690b039e862454a54de1b1acf08c74cfa9beea9e5d18f1f21747af7874a
SHA512 b83625e8f4d7e5348c69cb269054c096ba5423d6f9fa6ea8b3f5587a9b8829a47238108c1b53fe913c4529ba897ac5fe7b4e140dc6f8e37d3e843a617b0a3547

C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin

MD5 df5883e4b0e775a9cadb36e297b21691
SHA1 24c281b76908b8b0ac0accb0adfe50a08d17aa66
SHA256 5200f3b85d9fb27ac6afcc233bca9d45169193ac681a6f6ae192167d2769b2fd
SHA512 863ec02f176779cbf35e65364eb8e639dbb557681e424e450e91fb458a5176fceb646f71945cb6ec5dfb31820bf46a73278b84586743b2c9b56868f1ada7ca3d

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-30 11:05
Reported: 2024-11-30 11:07
Platform: win7-20240903-en
Max time kernel: 122s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\1732964706\ISMBoard_Dll.dll

MD5 0d7510289192713839c6e7e49f1458b7
SHA1 cfd1ea8aac366f018f8b01ba5e4e4300f77af645
SHA256 021725bff9da2c588a0ee269959931603f1731a727707348bb6169df33f23230
SHA512 6fca284c0458766354aeb7d644aaa4a192034a27af1dcdfaea18c7739fdbd034d0dd51bcb824c34b6365a09fe26ce0d71bbf24a04a70bed3d1ea8f0af4438c46

\Users\Admin\AppData\Local\Temp\1732964706\EIPBoardApp.dll

MD5 bcc3444397348d4717ab2abc0faf301b
SHA1 442dfd88f5e2b4bf5a9d02c9e1410f3dfec83b85
SHA256 d88aca417dab53cc6ff063348b7c3c0eec4f8b3d734a47cd62a7c83314b651e3
SHA512 ac979f2d13d0abfcf65972a871ae525c6030d657d25932b6af88a192bf8299eba2a86656afb2a71054f111949503faf2005301e45456717f731974073f3e8b66

\Users\Admin\AppData\Local\Temp\1732964706\RelayBoardApp.dll

MD5 0b40771328e774a74c4581f0f4e7ecd4
SHA1 9fecca657f14f5dad8b61602509dd528290e1eda
SHA256 e20060a9406b926fc8f2eaa654e1f09de3ee20136372f09f40020053456267cc
SHA512 2dbbe3b260d25125c26122168fecca7a2d5f0eff4ff90a09372fc577bdfb97b51d2f02720c62171979cd3a7dc2d1113c3ec7c4900e10741a6d5fc8f7a7d33791

C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin

MD5 588c4d4eeaf7d8844703994502d8ac42
SHA1 dbebec220e2e56ad77a60acf0a2fc35a0271803e
SHA256 80372f96125b99972547aa5836341477137d5affd204c0d43a2554e8cb6f64cc
SHA512 2a3bf4011243b9443af0cf5e713d3a5c1694fadb5b4e2e097dc7be76a200d4aa86d407bb62d233fc981f664f34fba83758dc8de0bc7b90a1a977d01a52edbfbf

\Users\Admin\AppData\Local\Temp\1732964706\BaseBoardApp.dll

MD5 8528034008232d7c88cc9611db008452
SHA1 b54e494160e0f6fd62fc3912834b0f0b874a3597
SHA256 ede73dce160e0121e411e6f55d0c8f61e8d74eccc817ad8f006da2e20b660858
SHA512 a0e0d5af1af41b54b0ef2a86531d31eaad4ec8f7844f5b1b28f0f2bce27f3b11a19cc8448291c944eb3ec1099fff5dc7e6b4d178e71c4d84f4f42c3842cf0968

C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin

MD5 51c491702d77ddd95f74469c3b7b992a
SHA1 d2780ef2dd343dc15894b4334d359d48ef82f260
SHA256 9d984690b039e862454a54de1b1acf08c74cfa9beea9e5d18f1f21747af7874a
SHA512 b83625e8f4d7e5348c69cb269054c096ba5423d6f9fa6ea8b3f5587a9b8829a47238108c1b53fe913c4529ba897ac5fe7b4e140dc6f8e37d3e843a617b0a3547

C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

MD5 726e11388da9b491711d35d1dc5c23b8
SHA1 2d366141d601fc55f441a8a2de0cfe957ff8fe83
SHA256 687c128aac787e435def2a5737454152a175219779349f8a0920922e2384d50b
SHA512 dbc889a18aa417d18043ed5b5b2ca5bd1bf1e8b59fd5fc2893ea3644979426ab20ec9f1c0b77768fe552d945508ee043055c737620e63dcc7563e6cd407c8d3b

C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin

MD5 df5883e4b0e775a9cadb36e297b21691
SHA1 24c281b76908b8b0ac0accb0adfe50a08d17aa66
SHA256 5200f3b85d9fb27ac6afcc233bca9d45169193ac681a6f6ae192167d2769b2fd
SHA512 863ec02f176779cbf35e65364eb8e639dbb557681e424e450e91fb458a5176fceb646f71945cb6ec5dfb31820bf46a73278b84586743b2c9b56868f1ada7ca3d

C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin

MD5 b97680f3dbae582562b7dd7dc2fc076d
SHA1 ce06aa2a20791e9fa640fe974539eb18b09c9efe
SHA256 637078aa98ac559352f6020c8cf20d5cde3afb4e231e1f819fb562570b4ce7db
SHA512 b4619173385f57f0fc6c1746416b54d68f42ed681638b5e1e8ca3d758afccadf95ef483e2557ab7b89ffeb7c4736190dfb5b1110fc251b1bcbe4e1f6eedcf5bc

C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin

MD5 1f19f27737cd491174a42b684bc0a3fd
SHA1 d8e1b15a2bed4eb15d27f91f4c209d2091007e32
SHA256 ed00ba0b1654f945d98a0f2ef30f3c9125a70f0c480145b628fb68ea0c7c4a4a
SHA512 4f5ecf1b78d07922057cfcb02a00cb808fc5f607a9ac5787bb1c98e27f926b1d89c46706253f3a3546cefa5a316b2abc5aed118fdc845a9b35e627f273b61b2d