Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-01...id.exe

windows7-x64

7

2024-01-01...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_a3405d7e225a73752d529d50eb2f6760_icedid.exe

  • Size

    303KB

  • MD5

    a3405d7e225a73752d529d50eb2f6760

  • SHA1

    72ff985ff11ddafc8973457f2a7960872fa3af1d

  • SHA256

    1fcd7fdca4e466378bb3da7cff3ae8ccbcbce2cef88f8e6e07ea942af9af58fc

  • SHA512

    0b373429c8ea02d4937ca94aa4df5b50101f9c5ab4598df4d865d048d96c8c77db5435e97ffdb0b24f02b3aa124421a963e51281fc28fa0baaf95559b50d67ff

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_a3405d7e225a73752d529d50eb2f6760_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_a3405d7e225a73752d529d50eb2f6760_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Program Files\facilitates\Reference.exe
      "C:\Program Files\facilitates\Reference.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\facilitates\Reference.exe
    Filesize

    84KB

    MD5

    943949a97e5c808e90b5546586fdacf5

    SHA1

    a8e2d125dbe863439c316712fb799467061dac77

    SHA256

    93704d652d31fc152c65b5e9c0347ae2a3d65e2c412048b6aed0636424dc5335

    SHA512

    53b5ca5c9cb66cc77fa6e8074a64a94ef647d9acd25d6e6a1770b60185fc7a343b790da16611b0d15aa7349f7a04ba0e0be2433190ccf047a5a36e3e7dbdd679

    Download Submit

  • C:\Program Files\facilitates\Reference.exe
    Filesize

    72KB

    MD5

    08a02f647649982401f67878ed5b16ad

    SHA1

    3f6c563aebdf5dcdd0c5b338e73d24c190a21bd3

    SHA256

    7917c1b2d1393a94b85c2b862ebd2dbedabdfec043c0ec784225d60835eb2155

    SHA512

    f4405eaa40528f77cfefaa188fc3b0bb4edfd0d0bfa65da2d1858fa0ebd40e94aec5df8046aad4e45570f87ccf88ed133e046e799febcbce979c8b327caf8626

    Download Submit

  • \Program Files\facilitates\Reference.exe
    Filesize

    106KB

    MD5

    bdaf634e274b4ae8b5704551a9b94598

    SHA1

    15f4569692458e5e119e598d057b9bde716f91f3

    SHA256

    3c53a504fd21d29878a8f46ebc86bbf79315d6d35fa874de426b0e375dbb04f8

    SHA512

    508348cf5c175fcf1460d5175cf6835ab556eb4af92ba094670bfd0c13b95295e701748592bdb0d84143c485dfc733403a99689b58fc008c02dad3d44849858c

    Download Submit

  • \Program Files\facilitates\Reference.exe
    Filesize

    92KB

    MD5

    a4ea4a599d695ea7e19fe8d88a1aedf9

    SHA1

    a6b01306451fff0821844adb865260ea9a039c5c

    SHA256

    7402d9e4895fd066ce2e29d75a0483aa4415af845b05646303c22a3e3d042032

    SHA512

    10625c32ce32f145eb636177383aa46bf7a4787d8a654c11f375282286cdfc833b458a20c7ff091d665ab6aca245c8103c73cae1eeaac58dc9ed79032dcd81d7

    Download Submit