Analysis
max time kernel: 91s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/02/2024, 00:44
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe
Size: 316KB
MD5: 94c6975d31e286526f0b996c9f46951e
SHA1: 798eb0318d6480cf7df4c153a1603eb986d98b87
SHA256: 29b08350067968fea786526a3ce5492860dfa12c6d77374e5ef4d0257c69c296
SHA512: 8e002a327ec53ebf5eeecb13a73bb393df7f22c6c4fa5963b587ffb4c31a92d2574f9c41c5fed05223513acb21dea5eace947e56d37bc3075d91f0de0c276c81
SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 4020  process: obtained.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\Program Files\Extracted\obtained.exe  (process: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe)
  File opened for modification: C:\Program Files\Extracted\obtained.exe  (process: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe)
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid 5100  process: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe  (4 entries)
  pid 4020  process: obtained.exe  (4 entries)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 5100 wrote to memory of 4020  pid: 5100  process: 2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe  procid_target: 85  (3 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe"
   PID: 5100
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Extracted\obtained.exe
      Command line: "C:\Program Files\Extracted\obtained.exe" "33201"
      PID: 4020
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
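The signatures and process tree above describe a single chain: the sample, running from the user's Temp directory, writes obtained.exe under C:\Program Files\Extracted and then launches it with the argument "33201". The following Python is an added example, not code from the tria.ge report or from the sample: it correlates that drop-then-execute pattern over Sysmon-style file-creation and process-creation events. The Event/Finding schema, the helper names and the sample events are assumptions; the sample events are constructed from the report's paths and PIDs, with two benign controls (an installer already under Program Files, and a Temp process that drops but never executes) added to show what the rule must not fire on.

```python
"""Added example (not tria.ge or sample code): detect the drop-then-execute
chain shown in the report over Sysmon-style events. The event schema and
helper names are assumptions for illustration."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass
class Event:
    kind: str            # "FileCreate" (Sysmon EID 11) or "ProcessCreate" (EID 1)
    pid: int             # acting process
    image: str           # acting process image path
    target: str          # FileCreate: created path; ProcessCreate: child image
    child_pid: int = 0   # ProcessCreate only
    cmdline: str = ""    # ProcessCreate only


@dataclass
class Finding:
    dropper_pid: int
    dropper_image: str
    dropped_path: str
    child_pid: int
    child_cmdline: str


PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_TEMP_MARKER = "\\appdata\\local\\temp\\"


def under_program_files(path: str) -> bool:
    # Windows paths are case-insensitive, so compare lower-cased.
    return path.lower().startswith(PROGRAM_FILES_PREFIXES)


def from_user_temp(path: str) -> bool:
    return USER_TEMP_MARKER in path.lower()


def detect_drop_and_execute(events: Iterable[Event]) -> List[Finding]:
    """Flag a process running out of a user Temp directory that writes a file
    under Program Files and later launches that same file as its child."""
    dropped: Dict[Tuple[int, str], str] = {}   # (dropper pid, lower path) -> path
    findings: List[Finding] = []
    for ev in events:
        if ev.kind == "FileCreate":
            if from_user_temp(ev.image) and under_program_files(ev.target):
                dropped[(ev.pid, ev.target.lower())] = ev.target
        elif ev.kind == "ProcessCreate":
            key = (ev.pid, ev.target.lower())
            if key in dropped:
                findings.append(Finding(ev.pid, ev.image, dropped[key],
                                        ev.child_pid, ev.cmdline))
    return findings


# Constructed events mirroring the report's paths and PIDs, plus two controls:
# an installer already under Program Files (must not fire) and a Temp process
# that drops but never executes (must not fire).
SAMPLE = "2024-02-20_94c6975d31e286526f0b996c9f46951e_icedid.exe"
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE
DROPPED = r"C:\Program Files\Extracted\obtained.exe"
INSTALLER = r"C:\Program Files\Vendor\setup.exe"   # hypothetical benign installer

SAMPLE_EVENTS = [
    Event("FileCreate", 5100, SAMPLE_PATH, DROPPED),
    Event("ProcessCreate", 5100, SAMPLE_PATH, DROPPED, 4020, f'"{DROPPED}" "33201"'),
    Event("FileCreate", 700, INSTALLER, r"C:\Program Files\Vendor\app.exe"),
    Event("ProcessCreate", 700, INSTALLER, r"C:\Program Files\Vendor\app.exe", 701,
          r'"C:\Program Files\Vendor\app.exe"'),
    Event("FileCreate", 900, r"C:\Users\Admin\AppData\Local\Temp\other.exe",
          r"C:\Program Files\Extracted\never_run.exe"),
]

if __name__ == "__main__":
    for f in detect_drop_and_execute(SAMPLE_EVENTS):
        print(f"pid {f.dropper_pid} dropped {f.dropped_path} "
              f"and spawned pid {f.child_pid}: {f.child_cmdline}")
```

Run against the constructed events, only the 5100 to 4020 chain is reported. Note that all three WriteProcessMemory entries in the report have that freshly spawned child as their target, so they add little beyond what the process tree already shows; the drop into Program Files followed by execution from Temp is the more useful signal to alert on.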
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 316KB
MD5: f1e0315ad27dd6730d37bda0cef5a2ee
SHA1: 5d3c1cbb64360ceb6d444ee53828afef68ebb855
SHA256: e46fd491e0b207d5f718485713e869d8a20b9425d11c94575c996610ba8541bf
SHA512: 6051566a97d03204cea00ec41733d1b66b011849540edb7b85fef0908629a561431e5f2f7d26a89d6c68148339020840abd6950f74225a61e62042996cc8a365