Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/02/2024, 05:31

General

  • Target

    2024-02-22_d6629d406bf6599d99e677ae0ed0adfb_icedid.exe

  • Size

    276KB

  • MD5

    d6629d406bf6599d99e677ae0ed0adfb

  • SHA1

    b079482da21a49aad76f5bb889a8e055183373c7

  • SHA256

    dc593850ca6e703805ad251ca21acb46fb23a3ea129073cf0ff992caa2cceb7f

  • SHA512

    961f69aa198599f2fb47e4716caa02e9ce9039c07d343ae550794f49210895c4c337645127fe427475fe9dec3e2d4ab52e51a3455c9ad100ec3e746685bfa44b

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-22_d6629d406bf6599d99e677ae0ed0adfb_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-22_d6629d406bf6599d99e677ae0ed0adfb_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:888
    • C:\Program Files\MessageBox\upgraded..exe
      "C:\Program Files\MessageBox\upgraded..exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 1012
      2⤵
      • Program crash
      PID:3748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 1000
      2⤵
      • Program crash
      PID:4136
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 888 -ip 888
    1⤵
    PID:4444
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 888 -ip 888
    1⤵
    PID:3508
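
The process tree above shows the two behaviours worth turning into detection logic: a binary running from %TEMP% writes an executable into Program Files and spawns it with a numeric argument, and four WerFault.exe instances all point back at the same PID. The following script is an added example, not tria.ge's own signature code. The event dicts are constructed from this report's Processes and Signatures sections (a hypothetical normalised shape; a real pipeline would map Sysmon process-create and file-create events or the sandbox's JSON export onto it), and the rules assume that WerFault names the faulting process with "-p <pid>" in both its in-process and service invocations.

```python
import re
from collections import defaultdict

# Constructed from the Processes section of this report; the dict shape is a
# hypothetical normalised event, not a tria.ge export format.
PROCESSES = [
    {"pid": 888, "ppid": 0,
     "image": r"C:\Users\Admin\AppData\Local\Temp\2024-02-22_d6629d406bf6599d99e677ae0ed0adfb_icedid.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\2024-02-22_d6629d406bf6599d99e677ae0ed0adfb_icedid.exe"'},
    {"pid": 4172, "ppid": 888,
     "image": r"C:\Program Files\MessageBox\upgraded..exe",
     "cmdline": r'"C:\Program Files\MessageBox\upgraded..exe" "33201"'},
    {"pid": 3748, "ppid": 888, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 1012"},
    {"pid": 4136, "ppid": 888, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 1000"},
    {"pid": 4444, "ppid": 0, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 888 -ip 888"},
    {"pid": 3508, "ppid": 0, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 888 -ip 888"},
]

# The report only states that PID 888 "Drops file in Program Files directory" and
# names the dropped file under Downloads; this one write event is constructed
# from those two facts.
FILE_WRITES = [{"pid": 888, "path": r"C:\Program Files\MessageBox\upgraded..exe"}]

USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\")
PROTECTED = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Assumption: WerFault names the faulting process with "-p <pid>" in both the
# in-process ("-u -p ... -s ...") and service ("-pss ... -p ... -ip ...") forms.
WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)")


def drop_and_execute(processes, file_writes):
    """Flag a process running from a user-writable path that writes an
    executable into a protected directory and then spawns it as a child.
    Returns (dropper_pid, child_pid, dropped_image) tuples."""
    by_pid = {p["pid"]: p for p in processes}
    dropped = defaultdict(set)
    for w in file_writes:
        path = w["path"].lower()
        if path.startswith(PROTECTED) and path.endswith((".exe", ".dll")):
            dropped[w["pid"]].add(path)
    hits = []
    for p in processes:
        parent = by_pid.get(p["ppid"])
        if parent is None:
            continue
        parent_in_user_dir = any(d in parent["image"].lower() for d in USER_WRITABLE)
        if parent_in_user_dir and p["image"].lower() in dropped[parent["pid"]]:
            hits.append((parent["pid"], p["pid"], p["image"]))
    return hits


def crash_attribution(processes):
    """Map each WerFault.exe instance back to the PID it was launched for, so
    the four WerFault processes in this tree collapse to one crashing PID."""
    crashed = defaultdict(list)
    for p in processes:
        if not p["image"].lower().endswith("\\werfault.exe"):
            continue
        m = WERFAULT_PID.search(p["cmdline"])
        if m:
            crashed[int(m.group(1))].append(p["pid"])
    return dict(crashed)


def triage(processes, file_writes):
    """Combine both rules into the summary an analyst wants from this tree."""
    drops = drop_and_execute(processes, file_writes)
    crashes = crash_attribution(processes)
    return {
        "drop_and_execute": drops,
        "crashed_pids": sorted(crashes),
        "werfault_instances": sum(len(v) for v in crashes.values()),
        # A crash in the dropper says nothing about whether its payload failed:
        # here the dropper both spawned the payload and crashed.
        "dropper_also_crashed": any(d[0] in crashes for d in drops),
    }


if __name__ == "__main__":
    for key, value in triage(PROCESSES, FILE_WRITES).items():
        print(f"{key}: {value}")
```

Collapsing WerFault instances by the "-p" argument matters when counting: the raw tree shows four crash-handler processes, but they describe one faulting process (888), and the "Program crash 2 IoCs" line only counts the two in-process "-u" instances that are children of it.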

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\MessageBox\upgraded..exe

    Filesize

    276KB

    MD5

    72d2d62373bc7a5c397640649f7b8a1e

    SHA1

    7bbe087409fb6ecff7c5fb7091476a7713aa729a

    SHA256

    3bf26cda25e2062452b97538222bee8b3b1c293e32bfa36436dfd1bed743494b

    SHA512

    d86159876a3e04825def365c909aa3f46b8d2be837c457e794a75015a3059bf8f2f67caeacf5a3171461b3fc5e4de851cae087ee25d2ce5741be583682921147
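
The dropped file is the same size as the submitted sample (276KB) but has a different hash, so an endpoint sweep that only carries the submitted sample's hash would miss the copy left in Program Files. The script below is an added example (not tria.ge's code) that hunts for both SHA-256 values from this report and, independently of hash, for the dropped-file path; the labels, the path-suffix indicator and the directory-walk layout are this example's own assumptions.

```python
import hashlib
import os

# SHA-256 values copied from this report: the submitted sample and the file it
# wrote to Program Files. The labels are this example's own.
REPORT_IOCS = {
    "dc593850ca6e703805ad251ca21acb46fb23a3ea129073cf0ff992caa2cceb7f": "submitted sample",
    "3bf26cda25e2062452b97538222bee8b3b1c293e32bfa36436dfd1bed743494b": "dropped upgraded..exe",
}
# Path suffix taken from the report's process tree; matched without regard to hash,
# so a re-built or slightly different copy at the same location is still caught.
DROP_PATH_SUFFIX = "\\messagebox\\upgraded..exe"


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of an in-memory blob (for samples already read)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, streamed so large files are not loaded whole."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match(hashes, path=None, iocs=REPORT_IOCS):
    """Return (indicator_type, label) pairs; the path check does not depend on the hash."""
    findings = []
    label = iocs.get(hashes.get("sha256", ""))
    if label:
        findings.append(("sha256", label))
    if path and path.lower().endswith(DROP_PATH_SUFFIX):
        findings.append(("path", "dropped-file path"))
    return findings


def scan_tree(root, iocs=REPORT_IOCS):
    """Walk a directory and report every file matching by hash or by path."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                found = match(hash_file(full), full, iocs)
            except OSError:
                continue  # unreadable or locked file: skip rather than abort the sweep
            if found:
                hits.append((full, found))
    return hits


if __name__ == "__main__":
    import sys
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, found)
```

Run it against "C:\Program Files" on a suspect host to pick up the dropped copy; a hit on the path indicator alone is worth collecting the file and hashing it, since a mismatch against the report's SHA-256 means a variant rather than a clean result.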