Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2023-08-25...JC.exe

windows7-x64

7

2023-08-25...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-25_c28689082a33238f951306593b93ac26_icedid_JC.exe

  • Size

    250KB

  • MD5

    c28689082a33238f951306593b93ac26

  • SHA1

    83dfd3e594377604e03275015929e372df6c994b

  • SHA256

    30a0085b1eb42f2639ad4df142501b3653825db391748f7d6d20f7877b077ef9

  • SHA512

    208bc42a1cc5dedbe158889a7b47abd04c04aaa0c598a263027071feefbf4ee06ae50c72a77d40509760568581edbeab79ed1a4087eb497943ea080b3d6deb89

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_c28689082a33238f951306593b93ac26_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-25_c28689082a33238f951306593b93ac26_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files\library\thatcomes.exe
      "C:\Program Files\library\thatcomes.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

  • C:\Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

  • \Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit

  • \Program Files\library\thatcomes.exe
    Filesize

    250KB

    MD5

    e8ed9df0ba4fbbb46665a8f3d9bdba13

    SHA1

    854ae8ae87d7b7810154d67e93b5eab3be6631e4

    SHA256

    2eee42528b9ce4b10d0525d2b56b00d96e3f556d096adc12c7bc02befd2c7c3e

    SHA512

    1b5b51d53aec4e58507a575958b425bee0ac5f238ed00f34f51ecfe149a150425448ac85c8a142d82232c6a2608c3cef6aea534ebc5f37dcfd0262949f234485

    Download Submit