Resubmissions

29/11/2024, 09:15 UTC

241129-k73cfaxlfz 10

31/08/2024, 21:23 UTC

240831-z8h3hswela 8

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • submitted
    31/08/2024, 21:23 UTC

General

  • Target

    2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe

  • Size

    10.0MB

  • MD5

    2852198f3ef4c8bdd1ea978ed82591e3

  • SHA1

    717992777e1d521822df536742ee213f373596c3

  • SHA256

    4a417f62a755bf5e0b2721b6d40fbf82fe925f0ee68e4fde8ba56c15aaa00f51

  • SHA512

    edcc3bd01f993e9ff509f5457e13d995b4ae854b30e67fe1c59f2e70b3fef532849d01fb81b0c83ca7cf121c40422e29b73d5b6a12bf8daaa9b5e793fa3169e4

  • SSDEEP

    196608:Oky3BgLy6ipLtOPAr8pY/7ZBPVKpKevWp/:Ix2yNZ//N92KeOl

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 7 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Connections Discovery 1 TTPs 2 IoCs

    Attempts to get a listing of network connections.

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c netstat -ano | find ":41200 "
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Connections Discovery
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Windows\SysWOW64\NETSTAT.EXE
        netstat -ano
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Connections Discovery
        • Gathers network information
        • Suspicious use of AdjustPrivilegeToken
        PID:1356
      • C:\Windows\SysWOW64\find.exe
        find ":41200 "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:904

Network

  • 1.92.70.96:8181
    2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
    152 B
    3
  • 175.178.123.72:10368
    2024-08-31_2852198f3ef4c8bdd1ea978ed82591e3_icedid.exe
    152 B
    3

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab9781.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar97B2.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\E2EECore.3.3.9.dll

    Filesize

    10.6MB

    MD5

    50c266e46ccf9bc8956279f78d51f205

    SHA1

    0ba5b98a91a9a019cd9b87cf01796c65ee6a0839

    SHA256

    c58e066a293ff260037487d37e37bf3d890c16383d817c7573dab51c514cbd00

    SHA512

    7350a82820faeba3172fad3d87b04c6a2967b797a321a78a53e7156c37fed4661a66d2f78e2f3ddbcbc0d10a56f5d761f7eb761f05d2841568b34841c17e0d37

  • \Users\Admin\AppData\Local\Temp\ee\Plugins\rdjson.dll

    Filesize

    192KB

    MD5

    2244857ed4d33e3ab8b32c1a09eaff39

    SHA1

    9af9d5bc1be9c202471075b5222500c409428fd0

    SHA256

    e345f88529b2337bb2719550985a049c61a6bca84c113c7b07f7ec5313446f7d

    SHA512

    c88af689b603c22dac0be5cdb0922d0bb58325ee57d736b6fa090e967704edb5fa535100149fd5d02ac764ab32b0ccea99310dd28101ffc907a58414e8867590

  • \Users\Admin\AppData\Local\Temp\hps4c.dll

    Filesize

    792KB

    MD5

    6637599f87ab11b6238f2f24c55797fc

    SHA1

    a84090bed39c91503300ab3bd78883001bf71aac

    SHA256

    65e65ccfe5b7fc075e06a5cf58507253a92dd9b7ab7a1a2b9e6b31fe7810e6ac

    SHA512

    8edecfb2ac6865bd3886f5ff77c78ccd44a4362d2305b69397526a1e463207430bd838d390979cbdc498040a2fbca21ccdab679df506efec07be400f6b42d828

  • \Users\Admin\AppData\Local\Temp\wv2++.dll

    Filesize

    1.5MB

    MD5

    860a922b27e5ff77c5ae3ef0092b17db

    SHA1

    58dc7a6e37d5eb0e017b480295b0a057f9274973

    SHA256

    48f8328a6135e7910c5ceeb05626d1d66dcdcd867b7dc7e1cc87d627d9e8790f

    SHA512

    302a736c1b8aa93fe118372dc8d25b84d69f7154be8110317ca289a5c3c2c6002f9e29ea1497b0cc80c61f27b6657292f6b17e8f34b25a0605e5185c9a85f7bf

  • \Users\Admin\AppData\Local\Temp\yyjson.dll

    Filesize

    456KB

    MD5

    f7e8a4be9dc7a7c3e7a75f861223cac2

    SHA1

    7e77900ac2fe952fba12ec88f1c92d3a13e534b6

    SHA256

    32e91c06f7aa35f6dde3f753b1066752db87a9bca0a33e5e043e0493f32cc4fe

    SHA512

    5c32d9be1c3ed0814c65af48fff0faa9d3200c8424f098f6df7f49e8ccc87880ebe891d4f19481d7870e93e5732870b02ed153125749e911a8199ec7e8388be6

  • \Users\Admin\Documents\ee\Plugins\WebView2Loader.dll

    Filesize

    112KB

    MD5

    e12389f7769a1b1d3328493518658cd0

    SHA1

    9b40a6bb34f1335f40d1e2fcb8e1a44d114e7d54

    SHA256

    3d2226dc9994f49c14de623233a99be1f3717cfda927fbde8d6e21908c279b72

    SHA512

    97323931a273626fb6904d5893915914c92043a7b0e13776d2bb518326cb846c9c374e6975253a4eabcdb1e526bcb081c9ff404d64787f475ba20a934a9c60a2

  • \Users\Admin\Documents\ee\Plugins\WebView2Runtime.dll

    Filesize

    56KB

    MD5

    b723e0277663c415c7b862f18c4bd160

    SHA1

    caa8d11ffcee0cf310ec9e512fb07d16ae34e6ee

    SHA256

    4429c11eefc4e40274e7ad6c6c6f7dff16298b44e7fb8c618a32d2bf70f708cc

    SHA512

    9994a05f61e309387dabdc1bf75d180b3f987ad9444deac0afdf538bd51e4a06e69edf675a3c40b5164a30e79a64446e71b72646a55904af8086c694cb3f1a44

  • memory/2416-23-0x0000000071690000-0x00000000716C0000-memory.dmp

    Filesize

    192KB

  • memory/2416-11-0x0000000010000000-0x0000000010387000-memory.dmp

    Filesize

    3.5MB

  • memory/2416-192-0x00000000711E0000-0x0000000071418000-memory.dmp

    Filesize

    2.2MB

  • memory/2416-193-0x0000000010000000-0x0000000010387000-memory.dmp

    Filesize

    3.5MB

  • memory/2416-194-0x0000000071690000-0x00000000716C0000-memory.dmp

    Filesize

    192KB

  • memory/2416-196-0x00000000711E0000-0x0000000071418000-memory.dmp

    Filesize

    2.2MB
