Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-13...id.exe

windows7-x64

7

2024-03-13...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-13_a1e11f3a292eef2aeac0cb063c3b0de1_icedid.exe

  • Size

    284KB

  • MD5

    a1e11f3a292eef2aeac0cb063c3b0de1

  • SHA1

    c29f5dbbdf7d524e44bb68987e60e48f5dda419c

  • SHA256

    95c05916fa06a693c22a4132cba139ddb32733bcd26b917e70f85c5990e99cab

  • SHA512

    8d52ad54ad930f28b847fd8a69b57eb9bb3f3d61222603fb4fa6fdb5625529ad3e360a598de6e54ceb24e8e745ca79de14263bc078964889bb0ce960347547ea

  • SSDEEP

    6144:klDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:klDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-13_a1e11f3a292eef2aeac0cb063c3b0de1_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-13_a1e11f3a292eef2aeac0cb063c3b0de1_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4056
    • \??\c:\windows\system\sethome7093.exe
      c:\windows\system\sethome7093.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:5520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
    Filesize

    1KB

    MD5

    35570097426f208b5bef45704edab996

    SHA1

    842cec71e6c57a19ec4ed636b575c3d59ae77aa5

    SHA256

    1d6d5fb63918b49aa260c912e154746dada7cacd41f40e204646e05baf5c8f66

    SHA512

    28e0807a8b512a68ecc64ba1e5dc27ac2486338bcb847b7565a765dd1c6ef6f857c08a50494ca36fc8f85051c9597da600c957e1ae51e87803ce16f01a7d6532

    Download Submit

  • C:\Users\abc.lnk
    Filesize

    1KB

    MD5

    895f6d1d9a73fbc2992afdf5cc31695d

    SHA1

    6d429e1ed7257d6a2abb434b4c2477624d4fdd3e

    SHA256

    5a41c9c1fda6a6f1ebcab5dc4432f50a8e66d6ff267e59a2d89e0279bc64b6fd

    SHA512

    024c62c12709e0b96e3c97f734397c4e1a37d6db80c8aedf72abf6f0c0c8b83ee379005c5ca0fa6704ee23a900d50323da4fd23fb6a88ba65f46b22c78fbabd8

    Download Submit

  • C:\Windows\System\sethome7093.exe
    Filesize

    284KB

    MD5

    13c3f00f07f2243492584bc056e35196

    SHA1

    870f183792e1912fc70a68243c6dbade1b187360

    SHA256

    dfcb3bb057bb67aca19b86b15a1c6d231e6d8d157b2c434f4622baf5483c56e0

    SHA512

    7ca31088acce75e09446a29ecee4e07e639b3cf5094abf6e2015bf2856c12e77e12fcf68bd5b06ab263d407b234b126d91fc1aad4809d6d9cc15d2dfb3f9fdd6

    Download Submit