Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

2024-03-15...id.exe

windows7-x64

7

2024-03-15...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-15_32bc0a7b28762f359a582601e29c03fe_icedid.exe

  • Size

    4.8MB

  • MD5

    32bc0a7b28762f359a582601e29c03fe

  • SHA1

    b3bb424533b4c32448b081fc799c056438615244

  • SHA256

    a75f33a11dfae22c89d316c96764a9c224b155508813b10b2653ad99398bb744

  • SHA512

    6fb9912b73444913d5e5b0bb450465028c5087b2e8c05c96ba4e17af7cb1be0559a0b19c5ab6d8cb67beef738f93beb69179ab6ba8372d845afbdbe4804b3408

  • SSDEEP

    98304:K8dH6yIUmsPUeeczoxUGm+cKAeIpFkKTpTmaFbh4kKVwlsxyOQ6:99IUPUpUGm+cJmGbhwCsxz9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-15_32bc0a7b28762f359a582601e29c03fe_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-15_32bc0a7b28762f359a582601e29c03fe_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\FlashRegistrar.exe
      C:\Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\FlashRegistrar.exe R C:\Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\Flash.ocx
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      PID:2956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\Flash.ocx
    Filesize

    31KB

    MD5

    4a1b5347d6e359198c87fb0c84c1900f

    SHA1

    ff1dca89c44db268b5037fc4fc602f34df627744

    SHA256

    c73fbd09683ca4026ba4ec1545fd06432959115d4fe007488974a601b603688c

    SHA512

    1b3a68e404c25cefbd2088e214421d1627eea4148fa63130f77fa78c1fce516b30c7cb17c020d98388dcb5406b7bcd1460b3519e6c28e2a181376abb24fbcbca

    Download Submit

  • \Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\Flash.ocx
    Filesize

    2.8MB

    MD5

    51b0593dddeb7e023518bed54da75860

    SHA1

    7b816b226b07fcf9dbfdc83a208e74e2738cb212

    SHA256

    60250f88a02e465b5de0ffc1f88e69316cb6b67b35a9a91a55b419a335be0aba

    SHA512

    14b1fe2d38f43c5d32ea0d3234c0b29d03a8be570ebe2b340827bc48ed49a1f6383a90cc97237a93a693847c550c54e3842474ce5699f99fc533e148e4c9e837

    Download Submit

  • \Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\Flash.ocx
    Filesize

    1.8MB

    MD5

    6dc268328625eef90cedaf812ac5ffa5

    SHA1

    9d361dea4b960d495d86bb66e1e92ac2620e7419

    SHA256

    9a218f070d0e8773efd4b09f752c3985d54094daea4615785e3121805889ff6d

    SHA512

    9eec95d10a862a8618d167b06ad8181e2dd8a0058553f461cbe2c7bdac39bd290cf99b17626457b416ba348c33cd3da0db6de7533765a33fb59620e97e4e80a1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\CPE6D0C.tmp\FlashRegistrar.exe
    Filesize

    63KB

    MD5

    ed4bb3a88c0d63c029126e6e5cba625e

    SHA1

    f6bbc2ee6079b006e5c811f1e0a1a36a8aafdebc

    SHA256

    0538bc97b726aa5a4c90705f0141eb86b26e240ea035ae4d96211f985d6220dd

    SHA512

    cda6b6adcdfc08f1846bbc55a514793960d7bebe792e3ac032ace2b83d1f00ebabcc69263ab66b1f8ed22487bedc6c816e795a66955f04da28a33621fe717a9e

    Download Submit

  • memory/320-9-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

    Download