Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/03/2024, 00:44
General
-
Target
2024-03-11_0d95b3b034479a06c85a024ff25267c5_icedid.exe
-
Size
383KB
-
MD5
0d95b3b034479a06c85a024ff25267c5
-
SHA1
0a2bcf4daad9cdd876bc2564d4c7b70c33f9a2af
-
SHA256
bb80dc85055d2c120721c002e6110b49a7a5249cd8837762f408b55cd46e2ec4
-
SHA512
5bf49b40825f752d5a4daef20cd18a61c62c9505804d6639410aa16ee77a5fadd37cf41d5d137a55386220ada4293aaec57e61b45db1a806a967fe1dd0bcc83f
-
SSDEEP
6144:LplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:LplrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-11_0d95b3b034479a06c85a024ff25267c5_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-11_0d95b3b034479a06c85a024ff25267c5_icedid.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\declaration\entirely.exe"C:\Program Files\declaration\entirely.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
383KB
MD5d044cc3ddad80b4cdd91d523a6d98021
SHA1af5bbdf264296e9d55714c1a8666603c9541b388
SHA256e7f1deb52364669a3662a3b78541bcd896994eb274046b09a52d7700c47dc648
SHA51219240efab58cade35fd5d28262f8ab5585c8f8f612fb32cfb23931d1330fd0e84e92cd6644905bb3167deb790ca3344bdee4b28083277031310eeeaed27f7b4e