Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2023-08-25...JC.exe

windows7-x64

7

2023-08-25...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 20:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-25_c28689082a33238f951306593b93ac26_icedid_JC.exe

  • Size

    250KB

  • MD5

    c28689082a33238f951306593b93ac26

  • SHA1

    83dfd3e594377604e03275015929e372df6c994b

  • SHA256

    30a0085b1eb42f2639ad4df142501b3653825db391748f7d6d20f7877b077ef9

  • SHA512

    208bc42a1cc5dedbe158889a7b47abd04c04aaa0c598a263027071feefbf4ee06ae50c72a77d40509760568581edbeab79ed1a4087eb497943ea080b3d6deb89

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_c28689082a33238f951306593b93ac26_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-25_c28689082a33238f951306593b93ac26_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files\library\thatcomes.exe
      "C:\Program Files\library\thatcomes.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

  • C:\Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

  • \Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

  • \Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.