Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/04/2024, 06:51

General

  • Target

    2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe

  • Size

    284KB

  • MD5

    f4c643c6d310c79018da4ab405e2a8b8

  • SHA1

    2efa89b5eaab5c7c5baeb57bc811ffcb63cb74fc

  • SHA256

    3e46c0a488563b5ec02f1bab132195accacae030e50324073af6ca2bab6386dd

  • SHA512

    dc937e0f25b18aded9d0484c216e00740b64053ecc850c083202d73e5b02c5b8deeb1591fb803fb45ee119f87a0fcf533f159f40e6a0809f9c75e77d0a0836be

  • SSDEEP

    6144:UlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:UlDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • \??\c:\windows\system\sethome5919.exe
      c:\windows\system\sethome5919.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2508

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk

    Filesize

    965B

    MD5

    ffe130a8a3ea451ea42a4ce80a108d76

    SHA1

    ae4c1412cc563faa1af9cc6168eaf37ccb7bf98a

    SHA256

    d865c8aa544f00b7fad8b15d14713a4a818f4d1066f0fd819d3a70fc25274175

    SHA512

    0b0115af0ac68a4f8637ae2215e17e1f0ffb904acaeec653763529ccd73f3cba6d01529b9e8037313dc96ef0f94b240c572d7efc6d52c79eb6008910e0f5d3d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

    Filesize

    1KB

    MD5

    e17da7d45f12a31a9a48bebaa3f79190

    SHA1

    672f5fcd657b65a9c61f04bfc12acbadad2f62d8

    SHA256

    ea4f70132fa60b37b956698d067870c25d0df4032968e40e770141f024c6b0de

    SHA512

    b0ba483695160948cefbe20f1acbd7c4824018b7c58813d023df34c30f2501ef4f64484553d74be9fac7d9eb5a81cd076c0b8d53c60e6439d3a3492c543bdd1b

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    97a48f9b67cd984528746800acd38533

    SHA1

    400e1d9ee2db8a89773c1f06d372168430b247f3

    SHA256

    b5f52b15e5ce4004f6680c2cf3ff008e52bdf32191bbb0bdf087c5691b60f781

    SHA512

    46605a2a7f9ffec2cd215c0d7be71d20dd3b339ea00b458c13ca2d581c91e51c852c2b335d9e8a743c89cc3090fcb4b4c8580178155bfa5230268669c5bad6e3

  • \Windows\system\sethome5919.exe

    Filesize

    284KB

    MD5

    1de647ad47e0669b07c58410072c0b99

    SHA1

    fb89680ff4a8ed4012f1ca3ebfb18c4d3f67683d

    SHA256

    0788f1932e39b89a3d7b108de475f53c1880e02089cc303c418c0b62c3b44002

    SHA512

    1deaffcf76442181f09ef71b0c3a5ffbe7c4d95d1eae32acb0653e6e48b4833ee589f14c074e72f5b792fd7e313be33b1d2e05ecd2de785e44137fb82b41bc2e