Analysis

  • max time kernel: 120s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/03/2024, 15:36

General

  • Target: 2024-03-06_5ef445daa7878ac15623e8178961a6b3_icedid.exe
  • Size: 284KB
  • MD5: 5ef445daa7878ac15623e8178961a6b3
  • SHA1: 448ce6eccda4e14884c9b7cfc8fd70819e2ff132
  • SHA256: 692c60c6e3f7efd735d067978145e67f74292c239dfa3788038299eb359337d3
  • SHA512: a834426e45d47a45303ed069e313dd7a9543148275642ac1e101dbf97b48f129f172c2571b46163be5e69874ce6a26c49b3e944c028cd3da4cdccbc7486b7e88
  • SSDEEP: 6144:blDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:blDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-06_5ef445daa7878ac15623e8178961a6b3_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-06_5ef445daa7878ac15623e8178961a6b3_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • \??\c:\windows\system\sethome8072.exe
      c:\windows\system\sethome8072.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2464

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk
    Filesize: 965B
    MD5: ffe130a8a3ea451ea42a4ce80a108d76
    SHA1: ae4c1412cc563faa1af9cc6168eaf37ccb7bf98a
    SHA256: d865c8aa544f00b7fad8b15d14713a4a818f4d1066f0fd819d3a70fc25274175
    SHA512: 0b0115af0ac68a4f8637ae2215e17e1f0ffb904acaeec653763529ccd73f3cba6d01529b9e8037313dc96ef0f94b240c572d7efc6d52c79eb6008910e0f5d3d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Filesize: 1KB
    MD5: e17da7d45f12a31a9a48bebaa3f79190
    SHA1: 672f5fcd657b65a9c61f04bfc12acbadad2f62d8
    SHA256: ea4f70132fa60b37b956698d067870c25d0df4032968e40e770141f024c6b0de
    SHA512: b0ba483695160948cefbe20f1acbd7c4824018b7c58813d023df34c30f2501ef4f64484553d74be9fac7d9eb5a81cd076c0b8d53c60e6439d3a3492c543bdd1b

  • C:\Users\abc.lnk
    Filesize: 1KB
    MD5: 97a48f9b67cd984528746800acd38533
    SHA1: 400e1d9ee2db8a89773c1f06d372168430b247f3
    SHA256: b5f52b15e5ce4004f6680c2cf3ff008e52bdf32191bbb0bdf087c5691b60f781
    SHA512: 46605a2a7f9ffec2cd215c0d7be71d20dd3b339ea00b458c13ca2d581c91e51c852c2b335d9e8a743c89cc3090fcb4b4c8580178155bfa5230268669c5bad6e3

  • \Windows\system\sethome8072.exe
    Filesize: 284KB
    MD5: 1b15f91ad7d13f57a9946f1cdf0e6067
    SHA1: 8db4717266c1f72a81e92a4b3889b39458afa967
    SHA256: 37712c64a95bb219399e3904d1a3c88ce6af2d86172d583eefdf4cc92e7a307b
    SHA512: 45bdd1b4e9f8bb38135416a9839abe9fbfd5b3192ea036f9131db6884e9d7dfe839446ccfa042b9114e61f0b2e748febc5cc225d5ff3786175ec88a6191c1511