Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 26/01/2024, 20:26
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe
- Resource: win10v2004-20231215-en
General
- Target: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe
- Size: 314KB
- MD5: 293061b4100d9e806d53ea8b368e8389
- SHA1: 5697c815e449d77100cf05d63aff6eb36aee6882
- SHA256: 70d3ebd7bc41a256a5a25e08bea4614118ac71a9803cf169c8815c505a94861e
- SHA512: c9648d19f11fcf9a5dcc6c46641e63ad1e95f39bfbfa94c7110dbca84b85c44f618c59938a78c1392ce1c68b99bcbd3edec49ae93e309d0a8613964d366d499a
- SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 2864: Performance.exe
- Loads dropped DLL (2 IoCs)
  PID 3040: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe
  PID 3040: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe
- Drops file in Program Files directory (2 IoCs)
  File opened for modification: C:\Program Files\Composition\Performance.exe (process: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe)
  File created: C:\Program Files\Composition\Performance.exe (process: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe)
- Suspicious use of SetWindowsHookEx (8 IoCs)
  PID 3040: 2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe (4 occurrences)
  PID 2864: Performance.exe (4 occurrences)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 3040 (2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe) wrote to memory of PID 2864, procid_target 28 (4 occurrences)
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-26_293061b4100d9e806d53ea8b368e8389_icedid.exe"
   PID: 3040
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Composition\Performance.exe (child process)
      Command line: "C:\Program Files\Composition\Performance.exe" "33201"
      PID: 2864
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 314KB
- MD5: 0f4be69a03db9a348279625199481e13
- SHA1: 650feba621c3300e5bb5966f90c1d756576cee9f
- SHA256: 0fe05dce1c59c7d91d32191bd4bfc67a9dbdf7c206d72b05c87e11f26439f97d
- SHA512: 3fd1532eaa83a2b20f5b04ceac23b27ecb26f19162ba961d3ff1aa82a47d24228a729e057e5d645a502727863995c5752dbb8aff02d920422d1b76db21c71683