Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/02/2024, 17:48

General

  • Target

    2024-02-02_a1af92491a9e626e0c2ba624f0b3af1e_icedid.exe

  • Size

    284KB

  • MD5

    a1af92491a9e626e0c2ba624f0b3af1e

  • SHA1

    b122341d56d619de0d25b4198fc071be2cd44a70

  • SHA256

    d3904bfc172d013a6f4a13b6730a64eb2b48cdb0290f410b946f995224e1f4fa

  • SHA512

    1adbcde1c3de3c368794c98023a61df757c85d8b0f75f08b6d1751e1653109c32a9e41c4168c2578b473c173681495edb9fb4d20c8aa9d00555a76f1acde373c

  • SSDEEP

    6144:hlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:hlDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-02_a1af92491a9e626e0c2ba624f0b3af1e_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-02_a1af92491a9e626e0c2ba624f0b3af1e_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4404
    • \??\c:\windows\system\sethome8000.exe
      c:\windows\system\sethome8000.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3816
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:856
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4324

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk

      Filesize

      1KB

      MD5

      7ab7e1e08e584a6ad92eb71f7c3bd8d0

      SHA1

      427d6599918fe7796c31395de98d064ef5525c3e

      SHA256

      16c3dc6b89e3d6e9d807b59a7f152ae80579efc70809589c9a3dbee658404575

      SHA512

      d7778f9c0a94a77bd10d995da0b0dd5617785a9ce0cce64ab4d174fb6ed4b40a209ba5d327358b15af1942f1a56a84319932b10ba8cfe4f27efb3d66e8fe3cb5

    • C:\Users\abc.lnk

      Filesize

      1KB

      MD5

      dc976ee4a8c89e2ce30e348bed43ae52

      SHA1

      733c09e459f9a55a10105ac7bd768743227d8b92

      SHA256

      ee0576a586c9527b1dc1a6ac5af6610a5f2725f6ed1a33854a1b60376e6bf41d

      SHA512

      3dc7b0972a5d90c23a058eb4c6ae718f335f027b1d3ecafda2e9e7271c4089db6e7df0571858955f3162acf864f8723933a2704a736639d33601fab0f757ff24

    • C:\Windows\System\sethome8000.exe

      Filesize

      284KB

      MD5

      71db0d0363e7fdc4d6607a60cd19bb5b

      SHA1

      7ffbe2adcf418e3d909df8562db956c7b44f4b39

      SHA256

      6cb43d5d5ad32994780fca601d16460be5b5913e02bf65d41e0e1f39b6a584c8

      SHA512

      73b0b43370fddbec9cbf4b027d3b2c36015d5062e198625a5be506cfa85144963a917ea576bf5f69e5d4cdbed32bfc16ba9e05352b9c7c56ef8ed6f516776e3e

    • memory/4324-27-0x0000022D76140000-0x0000022D76150000-memory.dmp

      Filesize

      64KB

    • memory/4324-43-0x0000022D76240000-0x0000022D76250000-memory.dmp

      Filesize

      64KB

    • memory/4324-59-0x0000022D7E5A0000-0x0000022D7E5A1000-memory.dmp

      Filesize

      4KB

    • memory/4324-61-0x0000022D7E5D0000-0x0000022D7E5D1000-memory.dmp

      Filesize

      4KB

    • memory/4324-62-0x0000022D7E5D0000-0x0000022D7E5D1000-memory.dmp

      Filesize

      4KB

    • memory/4324-63-0x0000022D7E6E0000-0x0000022D7E6E1000-memory.dmp

      Filesize

      4KB