Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2023, 13:13

General

  • Target

    70897c469de7501042fd7693433e4c48_icedid_JC.exe

  • Size

    367KB

  • MD5

    70897c469de7501042fd7693433e4c48

  • SHA1

    a35e02f631ee641b046da95422fb43a3dc866015

  • SHA256

    66bdeaa8034b515dc9e3fe949c785a97fa4c784fef6f5d7ed085d1ee7d1388d5

  • SHA512

    ec4726110b1457aafc1b03bf3a7979a388f0991679445c2c1689295cc01b88fcc9e27eb9171ea167b6f4264b40c78062c2936417699aec307154e2fbc2ebb406

  • SSDEEP

    6144:uplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:uplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70897c469de7501042fd7693433e4c48_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\70897c469de7501042fd7693433e4c48_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files\Brockschmidt\Inside.exe
      "C:\Program Files\Brockschmidt\Inside.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor
Downloads

  • C:\Program Files\Brockschmidt\Inside.exe

    Filesize

    367KB

    MD5

    9647c8e8fd04fa7c9c5a92e4d78da086

    SHA1

    4f65a8ca7b1642f7844fb584bd38dff6a925281b

    SHA256

    69c84619330571c55c92423cde84d4c08caa103bb9c620a0079608e5c3e563c6

    SHA512

    5d965ef9e1c9407bd0f91fda7579648c3d3aa09f9f25412ec2a2ae719873e508bc76465e7ab30e8a07337d8b740981c3ed241e4b18b7606526b792e8af7a8cb3

  • \Program Files\Brockschmidt\Inside.exe

    Filesize

    367KB

    MD5

    9647c8e8fd04fa7c9c5a92e4d78da086

    SHA1

    4f65a8ca7b1642f7844fb584bd38dff6a925281b

    SHA256

    69c84619330571c55c92423cde84d4c08caa103bb9c620a0079608e5c3e563c6

    SHA512

    5d965ef9e1c9407bd0f91fda7579648c3d3aa09f9f25412ec2a2ae719873e508bc76465e7ab30e8a07337d8b740981c3ed241e4b18b7606526b792e8af7a8cb3
