Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 03/08/2023, 16:19
Static task: static1
Behavioral task: behavioral1
- Sample: 4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
- Resource: win10v2004-20230703-en
General
- Target: 4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
- Size: 262KB
- MD5: 4bfe678ed45802d9b87dc34c6c7c5b53
- SHA1: 965413baa1da287e2e9ec548588dd0f4b9e44300
- SHA256: 72fe90a1b651522b77171696e9c8a43701f55247d3defe01ddef7a828ff64f00
- SHA512: 9c8a141d1eb80d9796dadd318484905f599adaf0009debca8d641347bbb572b2d3213243a901148f2403c70f0aa7ec6dcbe4b6cb0bea908d85bcc8205db35c8b
- SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2784  Addison.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
- Drops file in Program Files directory (2 IoCs)
  description                   ioc                                     Process
  File created                  C:\Program Files\Schirmer\Addison.exe   4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  File opened for modification  C:\Program Files\Schirmer\Addison.exe   4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid   Process
  2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  2784  Addison.exe
  2784  Addison.exe
  2784  Addison.exe
  2784  Addison.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                          procid_target
  PID 2032 wrote to memory of 2784   2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe   28
  PID 2032 wrote to memory of 2784   2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe   28
  PID 2032 wrote to memory of 2784   2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe   28
  PID 2032 wrote to memory of 2784   2032  4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe   28
Processes
- C:\Users\Admin\AppData\Local\Temp\4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe"
  PID: 2032
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Schirmer\Addison.exe (child of PID 2032)
    Command line: "C:\Program Files\Schirmer\Addison.exe" "33201"
    PID: 2784
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Downloads
- Filesize: 262KB
  MD5: d5bb0b170edf31d356ff0de18c62e8a5
  SHA1: 2f3d0558a8f752455815a321904d2710265b4eb6
  SHA256: c6ab61648c99283aa5660362efba43c1325f99cf8f8cecb87992bce153b1e5a1
  SHA512: 946e489a4ebb6b4af326660946f91d1038fa5b858b227b18b01bc46f426e0ee2dca005ee4126c92c08bd25549db372153689963973a545d978262d62728b3252