Analysis

- max time kernel: 122s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 05/01/2024, 05:52
Static task: static1

Behavioral task: behavioral1
- Sample: 2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe
- Resource: win10v2004-20231215-en
General

- Target: 2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe
- Size: 383KB
- MD5: e99b8cc22c830c3a28a8cecf2723b94f
- SHA1: 7e2c6c8ba3d726528ad91a4e08f13d554ab06397
- SHA256: 836d3c624e02eb7665612a08cff502d739531da88d13b71f4cc9115102274d80
- SHA512: 4e6ce3a078bba484849061621e58efabc3a4b0e6b2af9e647dd0d349a752753cbf0b1dc1ea09bf7bc0c6b2aeb6c0e4428be9b129f67f8e5065e6cee2efe10957
- SSDEEP: 6144:cplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:cplrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures

- Executes dropped EXE (1 IoC)
  PID 2484  Panel.exe
- Loads dropped DLL (2 IoCs)
  PID 1648  2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe (2 entries)
- Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files\accordingly\Panel.exe
  Process: 2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  PID 1648  2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe (4 entries)
  PID 2484  Panel.exe (4 entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1648 (2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe) wrote to memory of PID 2484, procid_target 28 (4 entries)
Processes

- C:\Users\Admin\AppData\Local\Temp\2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe"
  PID: 1648
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\accordingly\Panel.exe (child of PID 1648)
    Command line: "C:\Program Files\accordingly\Panel.exe" "33201"
    PID: 2484
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
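The signatures and process tree above describe one chain: a sample running from the user's Temp directory writes Panel.exe under C:\Program Files\accordingly\ and then launches it as a child process (PID 1648 -> PID 2484). Neither half of that chain is suspicious on its own, so a useful detection correlates the two. The following is an added example, not part of the Triage report or Triage's own signature logic; the event schema (event, pid, ppid, image, path, cmdline), the location lists and the event stream are constructed here from the report's PIDs and paths, with a parent PID of 1000 for the sample and a vendor-installer control case that the report does not contain.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Event:
    """One sandbox/EDR event. Schema is this example's own, not Triage's."""
    event: str            # "process_create" or "file_create"
    pid: int              # acting process
    image: str            # image path of the acting process
    ppid: int = 0         # parent pid (process_create only)
    path: str = ""        # created file path (file_create only)
    cmdline: str = ""     # command line (process_create only)


# Location classes used by the rule (lower-cased, backslash-normalised).
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\downloads\\", "c:\\users\\public\\")


def _norm(p: str) -> str:
    return p.lower().replace("/", "\\")


def is_program_files(path: str) -> bool:
    return _norm(path).startswith(PROGRAM_FILES)


def is_user_writable(path: str) -> bool:
    n = _norm(path)
    return any(marker in n for marker in USER_WRITABLE)


def find_dropped_exe_executions(events: list[Event]) -> list[dict]:
    """Alert when a process running from a user-writable directory writes an
    .exe under Program Files and then launches that same file as its child.

    Both conditions must hold: a Program Files write alone is what installers
    do, and launching a Program Files binary alone is what everything does.
    """
    drops: dict[str, int] = {}   # normalised dropped path -> dropper pid
    alerts: list[dict] = []
    for ev in events:
        if (ev.event == "file_create"
                and ev.path.lower().endswith(".exe")
                and is_program_files(ev.path)
                and is_user_writable(ev.image)):
            drops[_norm(ev.path)] = ev.pid
        elif ev.event == "process_create":
            dropper = drops.get(_norm(ev.image))
            if dropper is not None and ev.ppid == dropper:
                alerts.append({
                    "dropper_pid": dropper,
                    "child_pid": ev.pid,
                    "child_image": ev.image,
                    "cmdline": ev.cmdline,
                })
    return alerts


# Constructed event stream modelled on the report's process tree. The report
# gives no parent for PID 1648, so ppid=1000 is made up; the vendor installer
# events are a constructed benign control that the rule must not flag.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "2024-01-01_e99b8cc22c830c3a28a8cecf2723b94f_icedid.exe")
DROPPED = "C:\\Program Files\\accordingly\\Panel.exe"

EVENTS = [
    Event("process_create", 1648, SAMPLE, ppid=1000, cmdline=f'"{SAMPLE}"'),
    Event("file_create", 1648, SAMPLE, path=DROPPED),
    Event("process_create", 2484, DROPPED, ppid=1648,
          cmdline=f'"{DROPPED}" "33201"'),
    Event("file_create", 3001, "C:\\Program Files\\Vendor\\setup.exe",
          path="C:\\Program Files\\Vendor\\helper.exe"),
    Event("process_create", 3002, "C:\\Program Files\\Vendor\\helper.exe",
          ppid=3001),
]


if __name__ == "__main__":
    for alert in find_dropped_exe_executions(EVENTS):
        print(alert)
```

Run as written, the rule raises exactly one alert, for PID 2484 launched by PID 1648, and stays quiet on the installer control. The parent-PID requirement is a deliberate trade-off: it keeps the rule precise for the chain this report shows, but a dropper that hands execution to a scheduled task, a service or a second stage would not match, so in production the same drop table should also be joined against later process creations from any parent.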
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 64KB
  MD5: 225349542b91b196581fd554cd59d04a
  SHA1: 29cb8b0e683585b605db15a72cc7956357c59a09
  SHA256: a5fbc413472374d19b89abca3b5e32fb2605a6c888fc910ab27424618773ee2b
  SHA512: 0d08c1969961349fadcafe488f20b2cc3e83898d3243698387d6335a4fcb19e28c3cac4889da350ed444b43d437539ee61de37d612de882545930847820a848f
- Filesize: 82KB
  MD5: 237e23839fe5ff01bbccc35d20683c0a
  SHA1: 4c86bd376a4dde4d368b4e8be5c919f20ecbb251
  SHA256: 30f7825d3b621b8d750dd082e7ccc8491130e295f7312f6af0441035d772eed1
  SHA512: e4342c2aff929bf70aae0d2fc3df7406690fd3b936f30830e9c560a556996b711188d12c403b58511154e0f75ecf017ba937a75e8c1d312d67aeea5a96ec2320
- Filesize: 224KB
  MD5: 6ba98871b4fbfa221f546afcdb82fc73
  SHA1: 0eae10993e48f5f9b5929c4ad2b1bf214f1d3abf
  SHA256: 7d8be669abcf0506bc71d5b7bdf46228b6eda7a864cf2252a8471139700b9d40
  SHA512: fa7ac53544d5a4f85d291168f2676fca2f5b59cc0a3a86b6a2b793b22df32c83aa9c7d0750711b9c9b30f9a8eec26572b5e74c45e00ffed0f40e93e6fa4e2b4d
- Filesize: 51KB
  MD5: 7f1605e6ebc3fc74c46a2808074ace51
  SHA1: fc969173637d3d5164fa476aeeb1caaeec10eec8
  SHA256: 4f6a7687fca2cc751804947616843c43f3265b706ef076c86ad0864b7e57588e
  SHA512: 5fc87224c3ee6dc95c22cf0bfeeab6cd22a4267afff5178d33592ccec972b48a78b5187012907ea735b2643f477a3cf8b2bdf6bb25d9d9ca53373fda100f18a7