Windows 7 deprecation notice: Windows 7 will be removed from tria.ge on 2025-03-31.
General
- Target: 2024-10-01_7b7f19d6d192923fbd6f91878d7a9370_icedid_nymaim
- Size: 2.7MB
- Sample: 241001-eddjbsyfrr
- MD5: 7b7f19d6d192923fbd6f91878d7a9370
- SHA1: d7b269bb4a6994b0e96daaaa96fe4b540136bdaf
- SHA256: de3b549c955350b574bf9074cacedb097b0a7195e065a59cf7a77295b3726fe1
- SHA512: 3b66bcb7fece93e1a8bb736931cefd9caf05e50b1751da69ec63504134b3f565c48d6ba096e38e4fcec4bbb8cfb31653710a4d9eab6c741b0db626783f93edca
- SSDEEP: 49152:MzewFQU04nOSem7VjKtnbVkjuuNw6tLf:MzB0SOStj2kF5N
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2024-10-01_7b7f19d6d192923fbd6f91878d7a9370_icedid_nymaim.exe
  - Resource: win7-20240729-en
Behavioral task
- behavioral2
  - Sample: 2024-10-01_7b7f19d6d192923fbd6f91878d7a9370_icedid_nymaim.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: 2024-10-01_7b7f19d6d192923fbd6f91878d7a9370_icedid_nymaim
Score: 9/10
Signatures
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Persistence
- Account Manipulation (1)
- Event Triggered Execution (1)
- Change Default File Association (1)
Privilege Escalation
- Account Manipulation (1)
- Event Triggered Execution (1)
- Change Default File Association (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)
Discovery
- Network Service Discovery (1)
- Network Share Discovery (1)
- Peripheral Device Discovery (1)
- Permission Groups Discovery (1)
- Local Groups (1)
- Process Discovery (1)
- Query Registry (1)
- Remote System Discovery (1)
- System Information Discovery (4)
- System Location Discovery (1)
- System Language Discovery (1)
- System Network Connections Discovery (1)