Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/03/2024, 00:29
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
Size: 418KB
MD5: 2da7136695532402049d2dd68eb9f14d
SHA1: 61e7154377e5892a5c143acb143f7bdf1945a251
SHA256: d11cbe434d39400a839c262176b109e62466935649c60883f7848234f10d25c0
SHA512: e3bfbd7cfa2c03d0acfb2bb546b1b0a94703ded10dfe94435f66e3662b261b118ca1369f065f1f9c0884add3f0b2e53b4a76d5047ff3da5a44978f61fb071073
SSDEEP: 12288:EplrVbDdQaqdS/KfraFErH8uB2Wm0SX/Nr5FU:AxRW+Fucuvm0a/
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2556  customizing.exe
- Drops file in Program Files directory (1 IoC)
  description   ioc                                          Process
  File created  C:\Program Files\callback\customizing.exe    2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid   Process
  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
  2556  customizing.exe
  2556  customizing.exe
  2556  customizing.exe
  2556  customizing.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description               pid   Process                                                   procid_target
  PID 4960 wrote to memory of 2556  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe  90
  PID 4960 wrote to memory of 2556  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe  90
  PID 4960 wrote to memory of 2556  4960  2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe  90
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-15_2da7136695532402049d2dd68eb9f14d_icedid.exe"
   PID: 4960
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\callback\customizing.exe (child of PID 4960)
      Command line: "C:\Program Files\callback\customizing.exe" "33201"
      PID: 2556
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 418KB
MD5: 347bb0839201d4e2b5bb93c91ad32195
SHA1: 3f758f1e0e814b000b25030235a5a5629bdb0eb3
SHA256: b7f5932c7d775642ed469af5624ef31388f22de226996a3db4d9c1a9e6cb57e6
SHA512: f155859010cb2cded44b47d0984c7e48a3eb66a81bb85d65d26f0c2a64b0545711727eec079bf2f47863026c53c70375a74bd05b6b9c356736952b81b5c3500e