Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-09-09...at.exe

windows7-x64

7

2024-09-09...at.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-09_74cc8d251a20a63b8f3ef65ed393ba6c_icedid_poet-rat.exe

  • Size

    19.9MB

  • MD5

    74cc8d251a20a63b8f3ef65ed393ba6c

  • SHA1

    4897e037ea834d74fc4e228c2dd88be277dcd32e

  • SHA256

    9cbe0ba838c65a97a69485f0ca0a8c7cbce1cd67ea7e96f836872e5185b7953f

  • SHA512

    65d8db7325959244bec6584164fa27ccc94a5ffe669dc232e8f69d8657f2cd84f523d7bfc882db36ba6bdb27052f45e5a5853c511190612a5ba2f5fb4590f1df

  • SSDEEP

    393216:IDtSmngJO/N0nWbHbSbokww2VAd8T1pK:IDtSmUnWbHbSbokww2tTa

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-09_74cc8d251a20a63b8f3ef65ed393ba6c_icedid_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-09_74cc8d251a20a63b8f3ef65ed393ba6c_icedid_poet-rat.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Users\Admin\Documents\BaiduPCS-Go.exe
      "C:\Users\Admin\Documents\BaiduPCS-Go.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2148
      • C:\Windows\system32\CMD.exe
        CMD /C start http://localhost:5299
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://localhost:5299/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2576
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c SCHTASKS /Create /RL highest /SC ONLOGON /TN NVIDIAControlPanel /TR C:\NVIDIAGeForce\NVDlsplay.Container.exe /RU system
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1884
      • C:\Windows\SysWOW64\schtasks.exe
        SCHTASKS /Create /RL highest /SC ONLOGON /TN NVIDIAControlPanel /TR C:\NVIDIAGeForce\NVDlsplay.Container.exe /RU system
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e218aa2f0397663db73e88ef7678d9aa

    SHA1

    dd14a76a620996a198d0b9b9abe6877489651864

    SHA256

    fa6cd3738472a3de3102ccfa164f4e862c88cc89b0ff84c199255e53c07c0ece

    SHA512

    877627f4912f1836d9b2da15cc0957e51915721f906e8e20baacb4e23ac84a64472652f8a065819227e9f8dbdbaa11037bd8e205ce82e18d1821a9d66501abca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c77bf11cfb348b86be706e5d9ba7d845

    SHA1

    30fde308f50dcefe41669d0d2faeb578fdf8f355

    SHA256

    de199a374344d3ce8f55416b2ed44659fbd5abb33b25eecc0b4ec435ef5736bb

    SHA512

    9611c7bf32dbd64144466c3b24a1c5c41d6133906f22a18f86dfa166df5985c95d46c0041d9e0e4a15ea677964e249abccfc29c8c4423e4c532867c66646c6be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e91e62d5cb0f56ea62976fefe5801ca

    SHA1

    154efa1fe25cf71fa24aa7d3f4291b03b55c8ffe

    SHA256

    deded1b5d875190f6f6ee09e4ba5f016287d16f9dc69e6abc3ff6eda2035300f

    SHA512

    bb81f042b381ad3f7dd6f8cde223f6f4d2b55747f621fdda15cf29daf8dfd0e6ae43bfb8509deb5f8ceeaf777e5e6df29256e655e36ce76013bdf779da2811de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fd8f0cd067e5e11ad12ab51f7740944

    SHA1

    6dec9a94e4936f605f4b8d7b298ef3f52a35b412

    SHA256

    c5452aaf0338e7b57fd9fea23444291117750255bcf3f21797066e41a2820bed

    SHA512

    b8c99a065480eb058646814cd50a420411ac4580d625284b68ed4a6287f2bdf57ac36908ce6e50c08f396fe2c4ec7a046f94de1ddaf8e75cc8280305bc89370c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf91af2e84237d6eb85bacaca84f5dda

    SHA1

    74276f5126641789df3d9d08765530d3fce958d7

    SHA256

    e1a7eadb830827e46deb06e5c5011bc201f449e5de285c923816f89e728bb2d8

    SHA512

    622ac209c378ab294f56cf4fc394b38bbb9615cc7f1cef3a2a988d8fb0ef8541c38099e7040edf8186f594eedb728373ec334e0035898734e87a0c6b164174f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    805ca569c1c346b20f54ab41841886e5

    SHA1

    16fa3d190f38369e2a3acfed1b108e4b937fd5a8

    SHA256

    1d8b26ec9ab81f518e791d6aa2a09c1068a48589080eca0d74aa36f66e7d8800

    SHA512

    55764718e364d94dc1debd04398a0e79dbe5355e52c3ea2f15082eefa4fa3acedb9dabac31020540b280215d217f21c1d07ff33a556b84f48f1c555e02e82b9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da564b0edd08fc5abe18822d074c79a9

    SHA1

    d19902abf74fa6cfd017623a878f5fb6328b96c6

    SHA256

    70558efb7c6b4e413900731ce54c5ffd6dfb20965c896c8c1867b00c64abf899

    SHA512

    9f92121fbc5cc6f46f39e2ce2414613551261ea499a5a352c8b8aae169e5fd441c2322ae99958e83083f744fd98c0067081aa6d72449611e7a1c0cca43975692

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd3a14de11a1387e675b0acd102b65d7

    SHA1

    9df934513b37aef4ad58fccd7ea53cd19e5770aa

    SHA256

    dd9853f93f30f609a52c8d1b924ea1f7f08fef74409217af48f6d68b268e5505

    SHA512

    e57d2b8a6ad05c0b4f8d6b9c456bd308c3e80947e6a1ba732395642c5d7b2f74b1d1974085214f970f196ca69354432d5d69218d8d3124ec700c74b12bd67d56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a4664efd5ee2ab2297a0471b7f63d04

    SHA1

    3d9fd5a53b0a6021217183748a5f1b3ece9a395b

    SHA256

    8e0424d5bdf998338b5dab372e42118ef1b0fbacd5f0b690e1db94d01aab12c8

    SHA512

    c08be7c94403e15e91a92389b092adc0f774e25db905227fb8ef37b5ba0e45bf838e1631d857f9583eb81159ebce2c40ebf3a452563211904f91aa510f42f429

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca6402718a680271e9984a040d94225a

    SHA1

    40c4b72b93d1bff42f00d21aa663ea1970c9d193

    SHA256

    be0d30d34edccf9944bbbab1b52a29dfebe3a1e1678e83646f9813e70787347c

    SHA512

    56a6a251dc6da1a8253b1dc5a1d5595d63a90810abe872fbdcc4d50395df89ebff6b306bb0b2844ebf697e13234861ae01b38151262d1e1eb30b6c28bee3578a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    659e3db1cd0191cba140ef6b7d53f0c4

    SHA1

    6945414c05ce7e4f4a7cf69bdf5e2fb02da09f79

    SHA256

    f34fd97a2b0619de29f027d04cb6f83e99c62d2a547e94a7bab573706ae29571

    SHA512

    aee576b9ab80540c47ebf8624415cdd8efc72e1c31bde429108eeeb973fe420a3541bab3b86089a2ddb570dad292d02b5d5a6a12f51abe3e8ec11486bb03995f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43e5030b4cb796ba3f8c20ab63119490

    SHA1

    0c9e4715590c4adcc25f428c7db815834de18498

    SHA256

    cda9cab4b128898e55c61be91be2068e064b6f48772f248ca385546ebe0962a7

    SHA512

    5e2db08500010485a174b52a37e2447eb7ef7776703c9a5e8fc8ec48f2d4f1490f1bc6249e818bd5be156ef6a5291a47745f292c448e2c56aa5b72611b717eef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d114016f16448051dde9628ebb47eb1a

    SHA1

    7ea94971698eb3c429cded05787cf127e81e3d74

    SHA256

    37b568ebea8b7afe9d86b0b358370d1cb64c3fccb5aec45ea54cc9ab2cfe8d76

    SHA512

    378870c150ae85c4ad79e31609328f4b19239a8eb73d89e601db54954bff0ccb190d70ba9a4345d92b6aed8cfc943be0c1efa45582476a4698c1c34c17a7f448

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f726538fc4f29bb58c1535168f57a7d2

    SHA1

    27d79669fc9dc017fdd8a3a2db06b7560e018f28

    SHA256

    a4973185a20deca89ec992dfa6f250b978372324245a61a848b5d7456d53eb9b

    SHA512

    a6c783ad056c0bf5d023cd8dddbcda3949f773e29b7057d0f6e40c124a021c889e9987df0a56396d02e5449555cd0611d750388c04c017d6a622a8a1efa16729

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cbb99eab14b16b91d8624be2f8d4483

    SHA1

    e30b1c3edb90c84520c915194f69879d7bb82c43

    SHA256

    76d93ab395037e952b406a38c6791b483f415e72c9964b25d10c5d900e29b197

    SHA512

    ef59b28d3185efc15057d38adf5daffd41825c211e8565c1eb559318934687fd45fd106714641add2f4d71286e24dfe585965cff4ad46c23a193739955bb4abc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8344703b343ffdbd5294435fd532a29e

    SHA1

    a7dbe6c3b61b54e253eb9a9b723f1a6dcacfe725

    SHA256

    cbcc29df4f2286312d3a113785faefa8652c3729b2bb4b182289f6c6d88fe17f

    SHA512

    cb210dee9534602228f27557633fef54ec50a01372d06f782d296fe681b513ffd4b35acf6fd6d4f56c1aeb3d02ba12c982f8376b8f1db78181d13e2cffd8ee09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    658aa48727a09e9e55ad367b4b2a1dac

    SHA1

    e80fbdf3a92c6369b1b3aa07f8801ff9a60bedb0

    SHA256

    149e768f90ddc3361ac8d48ba594625e8891c5742a240467069faf7463c3d759

    SHA512

    abe083124195cb9ebcf5ca4511d7383baf8211846584de485d87855ab154d300de67a8f35ad1b2e3881eba5cf769f61971ccc34c1dd5738c52103aa9b321b28f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2750.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar283F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\Documents\BaiduPCS-Go.exe
    Filesize

    16.7MB

    MD5

    8d14c6f4f2111505097d911dadd93497

    SHA1

    cb41c725401b1cb951666adf23407e0d13665c60

    SHA256

    e77f1e90f453c614b7a6c84f4c03ed42fd31e6c696dcdde7aab6825c68cbb20a

    SHA512

    f8cfb34a84924697133da711a57a1b1b3a88698a9d62878d2c99c052ab742a75addb841f4a620535982b282ed5326b48c64f85fd5f11a63efe0d59ce19bbb2d4

    Download Submit