Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted: 05/04/2024, 11:30
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
Size: 379KB
MD5: 138f6c243b90193fdbbd5d2e5c23f940
SHA1: e1892016e1a9eb216ea697453e5539d239381ea9
SHA256: c70f088ee5fde2b0159adac90200e1a3544f81e6a9f9be301febd712b978b06d
SHA512: 2102d11c2ec3ec891dd65944592eefccf406545959ecc09e4c28746f2abd930eb0bf84c3c2e8ad07e521db37a24cf3ee2963bc6bbfd1bacdab40fc398bc331a9
SSDEEP: 6144:cplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:cplrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2020  Documentation.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
- Drops file in Program Files directory (1 IoC)
  description   ioc                                         Process
  File created  C:\Program Files\within\Documentation.exe   2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid   Process
  2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  2020  Documentation.exe
  2020  Documentation.exe
  2020  Documentation.exe
  2020  Documentation.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                                   procid_target
  PID 2312 wrote to memory of 2020   2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe   28
  PID 2312 wrote to memory of 2020   2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe   28
  PID 2312 wrote to memory of 2020   2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe   28
  PID 2312 wrote to memory of 2020   2312  2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe   28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-05_138f6c243b90193fdbbd5d2e5c23f940_icedid.exe"
  PID: 2312
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\within\Documentation.exe
    Command line: "C:\Program Files\within\Documentation.exe" "33201"
    PID: 2020
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 379KB
  MD5: a8b0f761a94ac283ad4a27762dd995f9
  SHA1: b26ba67993cd62d50320528a9e54636999a290bf
  SHA256: 47e784a6478772ab683041878c680e07099cc3e84ebc66a07e34ec2b4583c2bb
  SHA512: e20632ae9e0213ba6e795addbc85ee4ed526a80ad8291e50d78f197a04620ee2e41a24e869318d6ae022284e098a10bf8bc2e75a1747e24544633759339203b3