Analysis
Max time kernel: 118s
Max time network: 121s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 11/04/2024, 07:52
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
Size: 390KB
MD5: dbbf4fd1b98e12c724b05e13db11bb64
SHA1: 474253119ef1771f696ef631b9172ac84016b145
SHA256: 78546311cb3ef7622f6f1c7c66e2e8c0f95b7f37081d12f11adf5f5d4dbbb532
SHA512: 9a7d2e502cdf94628866d5abd1ada198984b5ff55830aaacd4f0bd3eabf4557a0717a92d34c5d3927b5388c09578d042c4bf3ba578594ffe6217b3df5ba8d2bb
SSDEEP: 12288:KplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:mxRQ+Fucuvm0as
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2516 | Trip.exe
- Loads dropped DLL (2 IoCs)
  pid | Process
  2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
- Drops file in Program Files directory (1 IoC)
  description | ioc | Process
  File created | C:\Program Files\Publishers\Trip.exe | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid | Process
  2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
  2516 | Trip.exe
  2516 | Trip.exe
  2516 | Trip.exe
  2516 | Trip.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2244 wrote to memory of 2516 | 2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe | 28
  PID 2244 wrote to memory of 2516 | 2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe | 28
  PID 2244 wrote to memory of 2516 | 2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe | 28
  PID 2244 wrote to memory of 2516 | 2244 | 2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe"
   PID: 2244
   - Loads dropped DLL
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\Publishers\Trip.exe (child of PID 2244)
      Command line: "C:\Program Files\Publishers\Trip.exe" "33201"
      PID: 2516
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 391KB
MD5: f68af327a9410f6a50de0c761a6a7cfc
SHA1: ed326581c535eb3cd418791868b177808d7c3b98
SHA256: 08d158e84ddef95b7d116ad54707f5192f938d9dff0f9ab1bc6fdfee39f5c820
SHA512: 23a9d4278180b5e684fa867bf4e456ac95ad6c45a221c0765064a103b5de7017d04ae170c0261187d6569f657e0cfbd8ef59d2561c4df73138398394581da3b9