Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-06...id.exe

windows7-x64

7

2024-03-06...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-06_5ef445daa7878ac15623e8178961a6b3_icedid.exe

  • Size

    284KB

  • MD5

    5ef445daa7878ac15623e8178961a6b3

  • SHA1

    448ce6eccda4e14884c9b7cfc8fd70819e2ff132

  • SHA256

    692c60c6e3f7efd735d067978145e67f74292c239dfa3788038299eb359337d3

  • SHA512

    a834426e45d47a45303ed069e313dd7a9543148275642ac1e101dbf97b48f129f172c2571b46163be5e69874ce6a26c49b3e944c028cd3da4cdccbc7486b7e88

  • SSDEEP

    6144:blDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:blDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-06_5ef445daa7878ac15623e8178961a6b3_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-06_5ef445daa7878ac15623e8178961a6b3_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3836
    • \??\c:\windows\system\sethome6859.exe
      c:\windows\system\sethome6859.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
    Filesize

    1KB

    MD5

    0191104e1d5e2fb4f19d7ed7a6b4cdf8

    SHA1

    51f3ddeea8605de4788f9c41235ff5b8915bdf4c

    SHA256

    c38d7e300d5ab6b184ccd5ec9f4c3aa95cce8238910cc1cd67cca2b74abfa1d0

    SHA512

    20a7014eef977f59342d334cd1390ec4984046954f5598e46b0c306120c6ce8f2e74348f539bc3b70ad300168cf0bafe8fb668a56aae54a7674f7cd7d2678f5c

    Download Submit

  • C:\Users\abc.lnk
    Filesize

    1KB

    MD5

    acf0bf91b47dcaf2c95dbf1057359497

    SHA1

    e96b0926d55db75dff64ea55797ed8dd95d40800

    SHA256

    6525f4957fddfb11b7bfb5a34f27b95e311ba9d84a5f25d15f01012b2f9e30f6

    SHA512

    925055b170b23580c070261aa2a6ce7ad31f67fc2ce86edc76bb2b45f88a106518108760fe88074708f97c190bced6e3bd79ad1d5953d096ca8b437be8ba5787

    Download Submit

  • C:\Windows\System\sethome6859.exe
    Filesize

    284KB

    MD5

    3cf8fdd3231288d57751ca03689ad5ce

    SHA1

    412ec9f560e8a55dbd8bd814f5f805a8df79d617

    SHA256

    51e375e0887c2d20c30788c3c08a0471ec04e77e363bfa9c0706776d0f90a920

    SHA512

    f75c6e8a546e52f8533ee4f7f92626263ba4ce58bcc963cc255db979ede6da429d4abbff644839ae32b84e3a882e4817c429d70270ef207895faa9ab768c3236

    Download Submit