Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/04/2024, 20:09

General

  • Target

    2024-04-22_59c0ac791aa6dadbdc7ed8ae2156d61e_icedid.exe

  • Size

    2.3MB

  • MD5

    59c0ac791aa6dadbdc7ed8ae2156d61e

  • SHA1

    87db6ce7586a1632aafd91c1b193c2eafa43229f

  • SHA256

    da4c4bffb2ee9d7f68e3ed31af82b0b9f40f09956d5fdaa256f217afd7ac3787

  • SHA512

    4e6473a42f4dca659fa550f69feecf31a5f88a0d45c8aeb10e8b76fce2ab35d078c77c0476812cff586a002842f4ee87aef715955ccb599f2dda8697006c2a32

  • SSDEEP

    49152:K3Mzz9JpLKwhvFY9A8/KVtoKArx+KOw9xV1XL4Is6OBNPJd02K:eMzz9JhKyFY9A8/KVtaDOw9xV1XJs5Bh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-22_59c0ac791aa6dadbdc7ed8ae2156d61e_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-22_59c0ac791aa6dadbdc7ed8ae2156d61e_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\11AD.tmp
      C:\Users\Admin\AppData\Local\Temp\11AD.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\11AD.tmp

    Filesize

    145KB

    MD5

    c610e7ccd6859872c585b2a85d7dc992

    SHA1

    362b3d4b72e3add687c209c79b500b7c6a246d46

    SHA256

    14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

    SHA512

    8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

  • memory/2232-0-0x00000000022F0000-0x000000000237E000-memory.dmp

    Filesize

    568KB

  • memory/2232-1-0x00000000022F0000-0x000000000237E000-memory.dmp

    Filesize

    568KB