Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 27/01/2024, 01:02
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
Size: 273KB
MD5: 82f568f1f01c2105d778db68ba2f2479
SHA1: aafe16cc7b8864c96e2b96eed4f6781ab5af31c4
SHA256: a9a2f1c3bc96772c46f80db49c430f0b5d6e3fb178122bf77810feda7fdc0181
SHA512: 4c8c64168af6aa711ae7e44a78b764bc5b6908a0597232a88d85683523b4ccdce62dc2ab9c7976618e0b874781cf597b8c022f2e21affa44ffa8f33011726ecd
SSDEEP: 3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 1984, process .exe
- Loads dropped DLL (2 IoCs)
  pid 880, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  pid 880, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\Program Files\.exe, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  File opened for modification: C:\Program Files\.exe, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid 880, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  pid 880, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  pid 880, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  pid 880, process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe
  pid 1984, process .exe
  pid 1984, process .exe
  pid 1984, process .exe
  pid 1984, process .exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 880 wrote to memory of 1984; process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe, procid_target 28
  PID 880 wrote to memory of 1984; process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe, procid_target 28
  PID 880 wrote to memory of 1984; process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe, procid_target 28
  PID 880 wrote to memory of 1984; process 2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe, procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-27_82f568f1f01c2105d778db68ba2f2479_icedid.exe"
  PID: 880
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\.exe (depth 2)
    Command line: "C:\Program Files\\.exe" "33201"
    PID: 1984
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 273KB
MD5: 633365427df6ecffaa1cfeb0d5ee7b44
SHA1: dd5815afe20bcdeee34c7c7763a9b9e143055bbd
SHA256: 3dd5c384708d6ef1fa7ba20b5f1d670cf0df7df2ec623dc16ad47ae27561297c
SHA512: 57bae04499892bf172ea02b6a3844a26c6204a38a521bd0fb5c62aebfde27d144124e8406af2516010c480a51210c48fce4044fdd31a717063f8499875379665