Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 27/01/2024, 19:45
Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe
Resource: win10v2004-20231215-en
General
Target: 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe
Size: 313KB
MD5: 66652483ed08fc53f5419e2afd1434c5
SHA1: 9a885110a1e7777ae176b5dd677876144bd58efd
SHA256: 30a690353a96b33f0df304117489d96a8250504fe21cb15a4ce972038fbb08b8
SHA512: 167e0599d519427b0d8e6229e6794d6bada30b0456abdd0c59c9da81c0602b9daab1b1720bb67281d381d348bdc1431efcb9d7e90ecd32682c5590fd3381b7ac
SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid 2796, process Kaufmann.exe

Loads dropped DLL (2 IoCs)
pid 2508, process 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe
pid 2508, process 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe

Drops file in Program Files directory (2 IoCs)
File created: C:\Program Files\Morgan\Kaufmann.exe, by process 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe
File opened for modification: C:\Program Files\Morgan\Kaufmann.exe, by process 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe

Suspicious use of SetWindowsHookEx (8 IoCs)
pid 2508, process 2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe (4 occurrences)
pid 2796, process Kaufmann.exe (4 occurrences)

Suspicious use of WriteProcessMemory (4 IoCs)
PID 2508 (2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe) wrote to memory of PID 2796, procid_target 28 (4 occurrences)
Processes

1. C:\Users\Admin\AppData\Local\Temp\2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-27_66652483ed08fc53f5419e2afd1434c5_icedid.exe"
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2508

   2. C:\Program Files\Morgan\Kaufmann.exe (child of PID 2508)
      Command line: "C:\Program Files\Morgan\Kaufmann.exe" "33201"
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
      PID: 2796
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 313KB
MD5: 96cbb7138a765c9b275832ff93649f6f
SHA1: 5784cc9a1f353a21b52310730ae7304244cb7567
SHA256: 52d210ab2a42d59d036d593fa697b70cce116c43b6db622f030db43aaf8eaa3a
SHA512: d88bba70dab8518767f064a708083c7bcdfbe5febea4e4f05b0a5f9105f8a91a740d6adbf82094d31201384e8a7e3882e354fc7229671189134cdc1cc8662895