Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

2020-07-14...in.dll

windows7_x64

8

2020-07-14...in.dll

windows10_x64

8

Analysis

  • max time kernel
    68s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    15/07/2020, 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2020-07-14-DLL-for-IcedID-installer-example-07-of-18.bin.dll

  • Size

    159KB

  • MD5

    df13fa6863bf439d737c01966b487e69

  • SHA1

    c2b99b05a4dd23c3cf96f9e23a5f8c88ab89763f

  • SHA256

    a421e1ac6cd39b7709d8929329b2135cb0f1eaea48edc296d03f0b3f41058282

  • SHA512

    0e583fa19b144df61a7c72793a06773226b36eddbf2587ab5c6c7c68210754c19c8765bd8e14d458e3d7464d8eb030b46ca5b7a3eede96ab844b44b9efec23c7

Score
8/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs
  • Blacklisted process makes network request 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-07-of-18.bin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-07-of-18.bin.dll,#1
      2⤵
      • Blacklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Modifies system certificate store
      PID:1260

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads