Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/04/2024, 06:51

General

  • Target

    2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe

  • Size

    284KB

  • MD5

    f4c643c6d310c79018da4ab405e2a8b8

  • SHA1

    2efa89b5eaab5c7c5baeb57bc811ffcb63cb74fc

  • SHA256

    3e46c0a488563b5ec02f1bab132195accacae030e50324073af6ca2bab6386dd

  • SHA512

    dc937e0f25b18aded9d0484c216e00740b64053ecc850c083202d73e5b02c5b8deeb1591fb803fb45ee119f87a0fcf533f159f40e6a0809f9c75e77d0a0836be

  • SSDEEP

    6144:UlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:UlDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3952
    • \??\c:\windows\system\sethome718.exe
      c:\windows\system\sethome718.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1468

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk

    Filesize

    1KB

    MD5

    54160cd3f6d48e58a8b8aed731891143

    SHA1

    b9de8230161b403f54031420fcdff741a526b517

    SHA256

    b34468df5be2d7614672113ce48947bc0965629b52899bb8dda6b120fedf242e

    SHA512

    3ee66a3d57196756d340a68246bea00c8d7fb9ec98fdca186f3da076a036a3c6690f1d017e4f2bfb59249e68a8a478d637833cd173ef7f0cb573704722254706

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    d567d6608ac31031e3aa51e9bc0149ba

    SHA1

    c59e9e4a3788cf27b9b2156eaec03cdde00c8be6

    SHA256

    ae7cc5b58dc294e9c64c999402ec079b1adbcc9f178a591c9be29e58b936f7ec

    SHA512

    e4b8a64d5fc6afce3dac3b56da71aa9bc54b8ed468ec54a99df0c37e6869e35bc3f8aaf43821a30e376e08aa3b15074965d053a79be581e2811ea9b0b0f6d46d

  • C:\Windows\System\sethome718.exe

    Filesize

    284KB

    MD5

    b56359a02562093a202d0125154e4af5

    SHA1

    031ec15496586eaff96e127975888ee067d65d78

    SHA256

    d343e917b20148e1866118b10a9b9eaeaecc6f70629ec38c92f852b401f38457

    SHA512

    8b8a975132c3acab152019691a3f6b854c491ed8fc839f1f7fecd696a70e270749d8fe39d62e45a412a5ae9ed0c235a6f109a1e60da217ba40c086e87adfeed0