Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-13...id.exe

windows7-x64

7

2024-03-13...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 20:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-13_f8be4dca27f7926738635adc2762b8ea_icedid.exe

  • Size

    419KB

  • MD5

    f8be4dca27f7926738635adc2762b8ea

  • SHA1

    909c3f2fcbba136e7f0064f943139a715b67af4e

  • SHA256

    fcccb05f5e2e2a40dbd0bfbd065227d330d1bdc60f850179319d0b0641dd0d78

  • SHA512

    d4ad69be82942a4d76a3e7957119f218cc1664fcb804bd9f0dae0af640e20ab64241f0541737594f8f2b2564a7b92cfa1051d9066a3a4d9388666caf19481eac

  • SSDEEP

    12288:lplrVbDdQaqdS/KfraFErH8uB2Wm0SX/Nr5FU:XxRW+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-13_f8be4dca27f7926738635adc2762b8ea_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-13_f8be4dca27f7926738635adc2762b8ea_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Program Files\function\necessary.exe
      "C:\Program Files\function\necessary.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\function\necessary.exe
    Filesize

    419KB

    MD5

    9b4da175e7c4e207d4e4f9bff1039185

    SHA1

    bb53b28ef7caa115ce70b7230bea11f43279e021

    SHA256

    c625143b74b24a5077de21633a33085ec3ed915801da07a8af0d3baceee85ea9

    SHA512

    521de1d3dc33706f205d907346594aa3d371ab02dc0dcf8bff7dddbda8cd8d6f24dec776d47eac867937b7388561359c227355de8e19125891da830285d67892

    Download Submit

  • memory/1164-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1164-5-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1352-6-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1352-7-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download