Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-04-27...id.exe

windows7-x64

7

2024-04-27...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_437c7296f77310731a0cf819b84d80f3_icedid.exe

  • Size

    586KB

  • MD5

    437c7296f77310731a0cf819b84d80f3

  • SHA1

    712559537236328cc4d67e58778700577db85b26

  • SHA256

    de40f4d33a299945f315570f3b54fe033279682117e8b78afb834c855a86431d

  • SHA512

    c1292a6ec7afeeaa97c2e358f4b9c404b5a5e87963120ea21e439f9e56d100c0fe2327494d47b0d6f23d61c38b1f7173ca60200be778e0ab91cb53cfac74dbfd

  • SSDEEP

    12288:YplrVbDdQaqdS/ofraFErH8uB2Wm0gXsNr5FU:ExRQ+Fucuvm0os

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_437c7296f77310731a0cf819b84d80f3_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_437c7296f77310731a0cf819b84d80f3_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Program Files\languages\Chinese.exe
      "C:\Program Files\languages\Chinese.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\languages\Chinese.exe
    Filesize

    586KB

    MD5

    770bb2a804d97868b36417fd7151cc11

    SHA1

    5baaa60e42427c038ae03b03777ae9a5582bd40b

    SHA256

    3adfe161e5e41429ff9ee640b1344f87499fb50e2e2c65ebe860a7b9ac8cd72d

    SHA512

    107efdcf23c693332cf37bd5f139da0dd5ab0f7ea58e63a1a8c019514c8db4a1730c54997ddc55594d5acd5073ccd11f0ae3510a613b815049475212d0462370

    Download Submit

  • memory/848-11-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/848-13-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1556-0-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1556-4-0x0000000002710000-0x00000000028AF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1556-10-0x0000000002710000-0x00000000028AF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1556-12-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download