Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 18/02/2024, 23:32
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe
Size: 317KB
MD5: 6d2bfbd2c502b409abbcb7e47863f6e8
SHA1: 066fc2f9ab78c0c7df10fd000a77c9a0614fdfce
SHA256: 67c42388ed2e49c1b23be379559b3b8e83aac7eaad148e6475d81b67b7924dbc
SHA512: ef966cc7b32ba112b3d03a0874a33c12d5ab7bf6ab93d286a1ecf11a64d6980a78c853ddd4042d13322316f46d35f31abbb4959fb7aa37b7646a603a6dd40663
SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2740, process convention.exe
Loads dropped DLL (2 IoCs)
  pid 2336, process 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe (2 occurrences)
Drops file in Program Files directory (2 IoCs)
  File created: C:\Program Files\folder\convention.exe, by process 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe
  File opened for modification: C:\Program Files\folder\convention.exe, by process 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe
Suspicious use of SetWindowsHookEx (8 IoCs)
  pid 2336, process 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe (4 occurrences)
  pid 2740, process convention.exe (4 occurrences)
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2336 wrote to memory of 2740; process 2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe; procid_target 28 (4 occurrences)
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-18_6d2bfbd2c502b409abbcb7e47863f6e8_icedid.exe"
   PID: 2336
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\folder\convention.exe (child process, tree depth 2)
      Command line: "C:\Program Files\folder\convention.exe" "33201"
      PID: 2740
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Dropped file 1
  Filesize: 317KB
  MD5: 363773750737293d9504fa5db43c895e
  SHA1: 12caf95a6b82af44458e3c90bd016ae024fda55e
  SHA256: ee454fbf0417177acc9b9fd59fd574ec51973d4e555fecff46a938766e66d6e7
  SHA512: 3a8f36d6bb1b81b176c0f28fd7a0add7dcddcb6c1780ffc146ee9468d49e7c2ea15f2ff275a9ad20b69153dfba3361c5ba0b62b3d3d10f6db6184c09713617e5
Dropped file 2
  Filesize: 88KB
  MD5: b323ddfa37e1860fcd7c60aa1b88305d
  SHA1: 8aedea6fe9bdbfb5508a4bcc58ab5e95004231c3
  SHA256: 5a3bb55fe8e0e1b80974a09027fdd40c0c094b6798700075dbb5968bc564325c
  SHA512: fb036650440b9dba064bd15b80cae73274353f4dd2d950fc25e92793ef5707d28e687aafe8392a613a3376765c4303088ff8432441611e064eb688acb6eab0ed