Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-26...id.exe

windows7-x64

7

2024-03-26...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 03:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_35a195cc004cb2e7007568e84474b7cc_icedid.exe

  • Size

    420KB

  • MD5

    35a195cc004cb2e7007568e84474b7cc

  • SHA1

    d30a230d6216963fa31ba71010087fc443475f92

  • SHA256

    72c6638de25cad998ddd211a5940ad98f99b9fdb02dbfdf0412664eb9ee997d2

  • SHA512

    cd4f40928b9ba2faa82d47f0aa1a7c7610c79a9542b044aec4fa7ef6c8b2c9eca8b014cb7a5af779d00ebdffac9e2a6ec0096100f0a10336dd9a0ef3a52063ed

  • SSDEEP

    12288:pplrVbDdQaqdS/KfraFErH8uB2Wm0SX/Nr5FU:rxRW+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_35a195cc004cb2e7007568e84474b7cc_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_35a195cc004cb2e7007568e84474b7cc_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3548
    • C:\Program Files\existing\Windows.exe
      "C:\Program Files\existing\Windows.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\existing\Windows.exe
    Filesize

    420KB

    MD5

    e4b1e28fb63e64e00fc65955e4e13a60

    SHA1

    4c45b6f143d1a95b2a926289ddd8f3a289d67453

    SHA256

    0384c1a887e101707453702fd924b89d45d34e8ba69caa234a0301e3b1987bb7

    SHA512

    4bd5e2c2beb273ee42d5b4694cc1cd99f183f0efb750901cbbed48622a322bf1078170f2aee861459c39850782ba3ef812ce2de6c0574053f3f32060f2e1293b

    Download Submit

  • memory/3548-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3548-5-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4912-6-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4912-7-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download