Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-03-28...id.exe

windows7-x64

7

2024-03-28...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 14:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-28_e4cf84b64957eccd137d69b1fbb7c56f_icedid.exe

  • Size

    419KB

  • MD5

    e4cf84b64957eccd137d69b1fbb7c56f

  • SHA1

    283b045b55dd4164e65b92f397465729fdd4752e

  • SHA256

    012b6fa5599fd94e3156b60a21dcd9305319dc1b1d79db644de6911f151ed6ca

  • SHA512

    b339b05dcb886aa2b5710a416ca46ab9a655701dc2194cf969058fd90eb6b70c534d0038a7696e2fde6d3654b90bad4df9956dfff8f38418d047d632728e6d09

  • SSDEEP

    12288:RplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:jxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_e4cf84b64957eccd137d69b1fbb7c56f_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_e4cf84b64957eccd137d69b1fbb7c56f_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Program Files\DirectX\with.exe
      "C:\Program Files\DirectX\with.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\DirectX\with.exe
    Filesize

    419KB

    MD5

    afc8c56716fbddb9a3b1355aee8b0350

    SHA1

    dedce658f1287277a838c4771ed04b7f7347d102

    SHA256

    ae947e56e9efcff172d1853e96964ba9cb2071b5f3fa552b20f25356b82cc43f

    SHA512

    d20a6a4a4bebd62efcebc2c5c76b24bee5f6043c689fc82f995109b78b05b13e172a8b42c9e6a7eff22c9493e88ae692ad49cb926ea9e5d265fe30ebbc8fb7fd

    Download Submit

  • memory/2676-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2676-9-0x0000000002B70000-0x0000000002CE3000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2676-11-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2840-10-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2840-12-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.