Analysis Overview
SHA256
0aa8351c17ece55c2bcd53f5815ea91e28d51ce48bc5c9aff43bd15f60121d22
Threat Level: Likely malicious
The file 2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid was found to be: Likely malicious.
Malicious Activity Summary
CryptOne packer
Loads dropped DLL
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-30 11:05
Signatures
CryptOne packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-30 11:05
Reported
2024-11-30 11:07
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
141s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\1732964707\ISMBoard_Dll.dll
| MD5 | 0d7510289192713839c6e7e49f1458b7 |
| SHA1 | cfd1ea8aac366f018f8b01ba5e4e4300f77af645 |
| SHA256 | 021725bff9da2c588a0ee269959931603f1731a727707348bb6169df33f23230 |
| SHA512 | 6fca284c0458766354aeb7d644aaa4a192034a27af1dcdfaea18c7739fdbd034d0dd51bcb824c34b6365a09fe26ce0d71bbf24a04a70bed3d1ea8f0af4438c46 |
C:\Users\Admin\AppData\Local\Temp\1732964707\EIPBoardApp.dll
| MD5 | bcc3444397348d4717ab2abc0faf301b |
| SHA1 | 442dfd88f5e2b4bf5a9d02c9e1410f3dfec83b85 |
| SHA256 | d88aca417dab53cc6ff063348b7c3c0eec4f8b3d734a47cd62a7c83314b651e3 |
| SHA512 | ac979f2d13d0abfcf65972a871ae525c6030d657d25932b6af88a192bf8299eba2a86656afb2a71054f111949503faf2005301e45456717f731974073f3e8b66 |
C:\Users\Admin\AppData\Local\Temp\1732964707\RelayBoardApp.dll
| MD5 | 0b40771328e774a74c4581f0f4e7ecd4 |
| SHA1 | 9fecca657f14f5dad8b61602509dd528290e1eda |
| SHA256 | e20060a9406b926fc8f2eaa654e1f09de3ee20136372f09f40020053456267cc |
| SHA512 | 2dbbe3b260d25125c26122168fecca7a2d5f0eff4ff90a09372fc577bdfb97b51d2f02720c62171979cd3a7dc2d1113c3ec7c4900e10741a6d5fc8f7a7d33791 |
C:\Users\Admin\AppData\Local\Temp\1732964707\BaseBoardApp.dll
| MD5 | 8528034008232d7c88cc9611db008452 |
| SHA1 | b54e494160e0f6fd62fc3912834b0f0b874a3597 |
| SHA256 | ede73dce160e0121e411e6f55d0c8f61e8d74eccc817ad8f006da2e20b660858 |
| SHA512 | a0e0d5af1af41b54b0ef2a86531d31eaad4ec8f7844f5b1b28f0f2bce27f3b11a19cc8448291c944eb3ec1099fff5dc7e6b4d178e71c4d84f4f42c3842cf0968 |
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin
| MD5 | 588c4d4eeaf7d8844703994502d8ac42 |
| SHA1 | dbebec220e2e56ad77a60acf0a2fc35a0271803e |
| SHA256 | 80372f96125b99972547aa5836341477137d5affd204c0d43a2554e8cb6f64cc |
| SHA512 | 2a3bf4011243b9443af0cf5e713d3a5c1694fadb5b4e2e097dc7be76a200d4aa86d407bb62d233fc981f664f34fba83758dc8de0bc7b90a1a977d01a52edbfbf |
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
| MD5 | e079391d7bb4c6c09feed9c50c162a1b |
| SHA1 | 7cee144d34c32ddee433ec0244ae72d8cdc47b76 |
| SHA256 | 9c892012cbeaa9f01238350cb90fb9c03f59bee6229969f3e6085de213b926bb |
| SHA512 | beede4a80d5d07a67559b94e8aa40db304a72d8674877a90e9073b13741288057ad8df52cb93405faccba7e2e2b82645be88e6b1363dda3f3078ce4eeaa544a5 |
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
| MD5 | cc54c848513b2f16a7916281a7fff0e8 |
| SHA1 | a1a5a7627934fbe08169706894287a8149ef0c1d |
| SHA256 | 937469a56936e28868f28cf125dc48d143e98cb6ca6e12ac14eca46d016f6712 |
| SHA512 | ba2e234945291249a51a12e6b4c3824451b89e6ec49a2e12c0aa66e7d621609835a3446d704a5ca0542c5bcc0476c99188543db26a83bc908ea4128985581134 |
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin
| MD5 | b97680f3dbae582562b7dd7dc2fc076d |
| SHA1 | ce06aa2a20791e9fa640fe974539eb18b09c9efe |
| SHA256 | 637078aa98ac559352f6020c8cf20d5cde3afb4e231e1f819fb562570b4ce7db |
| SHA512 | b4619173385f57f0fc6c1746416b54d68f42ed681638b5e1e8ca3d758afccadf95ef483e2557ab7b89ffeb7c4736190dfb5b1110fc251b1bcbe4e1f6eedcf5bc |
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin
| MD5 | 51c491702d77ddd95f74469c3b7b992a |
| SHA1 | d2780ef2dd343dc15894b4334d359d48ef82f260 |
| SHA256 | 9d984690b039e862454a54de1b1acf08c74cfa9beea9e5d18f1f21747af7874a |
| SHA512 | b83625e8f4d7e5348c69cb269054c096ba5423d6f9fa6ea8b3f5587a9b8829a47238108c1b53fe913c4529ba897ac5fe7b4e140dc6f8e37d3e843a617b0a3547 |
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
| MD5 | df5883e4b0e775a9cadb36e297b21691 |
| SHA1 | 24c281b76908b8b0ac0accb0adfe50a08d17aa66 |
| SHA256 | 5200f3b85d9fb27ac6afcc233bca9d45169193ac681a6f6ae192167d2769b2fd |
| SHA512 | 863ec02f176779cbf35e65364eb8e639dbb557681e424e450e91fb458a5176fceb646f71945cb6ec5dfb31820bf46a73278b84586743b2c9b56868f1ada7ca3d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-30 11:05
Reported
2024-11-30 11:07
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-30_a0e8ab1364a9cbe4db19be0281de9258_icedid.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\1732964706\ISMBoard_Dll.dll
| MD5 | 0d7510289192713839c6e7e49f1458b7 |
| SHA1 | cfd1ea8aac366f018f8b01ba5e4e4300f77af645 |
| SHA256 | 021725bff9da2c588a0ee269959931603f1731a727707348bb6169df33f23230 |
| SHA512 | 6fca284c0458766354aeb7d644aaa4a192034a27af1dcdfaea18c7739fdbd034d0dd51bcb824c34b6365a09fe26ce0d71bbf24a04a70bed3d1ea8f0af4438c46 |
\Users\Admin\AppData\Local\Temp\1732964706\EIPBoardApp.dll
| MD5 | bcc3444397348d4717ab2abc0faf301b |
| SHA1 | 442dfd88f5e2b4bf5a9d02c9e1410f3dfec83b85 |
| SHA256 | d88aca417dab53cc6ff063348b7c3c0eec4f8b3d734a47cd62a7c83314b651e3 |
| SHA512 | ac979f2d13d0abfcf65972a871ae525c6030d657d25932b6af88a192bf8299eba2a86656afb2a71054f111949503faf2005301e45456717f731974073f3e8b66 |
\Users\Admin\AppData\Local\Temp\1732964706\RelayBoardApp.dll
| MD5 | 0b40771328e774a74c4581f0f4e7ecd4 |
| SHA1 | 9fecca657f14f5dad8b61602509dd528290e1eda |
| SHA256 | e20060a9406b926fc8f2eaa654e1f09de3ee20136372f09f40020053456267cc |
| SHA512 | 2dbbe3b260d25125c26122168fecca7a2d5f0eff4ff90a09372fc577bdfb97b51d2f02720c62171979cd3a7dc2d1113c3ec7c4900e10741a6d5fc8f7a7d33791 |
C:\Users\Admin\AppData\Local\Temp\PROFINETEIP_EEPROM_Simulator.bin
| MD5 | 588c4d4eeaf7d8844703994502d8ac42 |
| SHA1 | dbebec220e2e56ad77a60acf0a2fc35a0271803e |
| SHA256 | 80372f96125b99972547aa5836341477137d5affd204c0d43a2554e8cb6f64cc |
| SHA512 | 2a3bf4011243b9443af0cf5e713d3a5c1694fadb5b4e2e097dc7be76a200d4aa86d407bb62d233fc981f664f34fba83758dc8de0bc7b90a1a977d01a52edbfbf |
\Users\Admin\AppData\Local\Temp\1732964706\BaseBoardApp.dll
| MD5 | 8528034008232d7c88cc9611db008452 |
| SHA1 | b54e494160e0f6fd62fc3912834b0f0b874a3597 |
| SHA256 | ede73dce160e0121e411e6f55d0c8f61e8d74eccc817ad8f006da2e20b660858 |
| SHA512 | a0e0d5af1af41b54b0ef2a86531d31eaad4ec8f7844f5b1b28f0f2bce27f3b11a19cc8448291c944eb3ec1099fff5dc7e6b4d178e71c4d84f4f42c3842cf0968 |
C:\Users\Admin\AppData\Local\Temp\ISM485_1_EEPROM_Simulator.bin
| MD5 | 51c491702d77ddd95f74469c3b7b992a |
| SHA1 | d2780ef2dd343dc15894b4334d359d48ef82f260 |
| SHA256 | 9d984690b039e862454a54de1b1acf08c74cfa9beea9e5d18f1f21747af7874a |
| SHA512 | b83625e8f4d7e5348c69cb269054c096ba5423d6f9fa6ea8b3f5587a9b8829a47238108c1b53fe913c4529ba897ac5fe7b4e140dc6f8e37d3e843a617b0a3547 |
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
| MD5 | 726e11388da9b491711d35d1dc5c23b8 |
| SHA1 | 2d366141d601fc55f441a8a2de0cfe957ff8fe83 |
| SHA256 | 687c128aac787e435def2a5737454152a175219779349f8a0920922e2384d50b |
| SHA512 | dbc889a18aa417d18043ed5b5b2ca5bd1bf1e8b59fd5fc2893ea3644979426ab20ec9f1c0b77768fe552d945508ee043055c737620e63dcc7563e6cd407c8d3b |
C:\Users\Admin\AppData\Local\Temp\BASE_EEPROM_Simulator.bin
| MD5 | df5883e4b0e775a9cadb36e297b21691 |
| SHA1 | 24c281b76908b8b0ac0accb0adfe50a08d17aa66 |
| SHA256 | 5200f3b85d9fb27ac6afcc233bca9d45169193ac681a6f6ae192167d2769b2fd |
| SHA512 | 863ec02f176779cbf35e65364eb8e639dbb557681e424e450e91fb458a5176fceb646f71945cb6ec5dfb31820bf46a73278b84586743b2c9b56868f1ada7ca3d |
C:\Users\Admin\AppData\Local\Temp\RELAY_EEPROM_Simulator.bin
| MD5 | b97680f3dbae582562b7dd7dc2fc076d |
| SHA1 | ce06aa2a20791e9fa640fe974539eb18b09c9efe |
| SHA256 | 637078aa98ac559352f6020c8cf20d5cde3afb4e231e1f819fb562570b4ce7db |
| SHA512 | b4619173385f57f0fc6c1746416b54d68f42ed681638b5e1e8ca3d758afccadf95ef483e2557ab7b89ffeb7c4736190dfb5b1110fc251b1bcbe4e1f6eedcf5bc |
C:\Users\Admin\AppData\Local\Temp\C700_EEPROM_Simulator.bin
| MD5 | 1f19f27737cd491174a42b684bc0a3fd |
| SHA1 | d8e1b15a2bed4eb15d27f91f4c209d2091007e32 |
| SHA256 | ed00ba0b1654f945d98a0f2ef30f3c9125a70f0c480145b628fb68ea0c7c4a4a |
| SHA512 | 4f5ecf1b78d07922057cfcb02a00cb808fc5f607a9ac5787bb1c98e27f926b1d89c46706253f3a3546cefa5a316b2abc5aed118fdc845a9b35e627f273b61b2d |