Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-10-09...id.exe

windows7-x64

7

2024-10-09...id.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-09_8a2df8050fc8bdfd46a3efe7893f2951_icedid

  • Size

    639KB

  • Sample

    241009-hpnefsvdpb

  • MD5

    8a2df8050fc8bdfd46a3efe7893f2951

  • SHA1

    de03161e09d8b8ab3c8099873db9f0d6ed7bc017

  • SHA256

    7e8e9bf6ef003cf53c3f036315acb51ba792bf827aade73adf131ef95f56e9ab

  • SHA512

    07e07abec0ec68a3d171b2dee064e07d0039934c586c1dff55e0c4b7b27f2f79992b06c413c3a8e2b0c76b0c9a540ca0e9fb7e793a3fa84a5a253876316bcd04

  • SSDEEP

    12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolkV:eBasowSg1ohSkROMo+f1kZolG

Score
7/10
defense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      2024-10-09_8a2df8050fc8bdfd46a3efe7893f2951_icedid

    • Size

      639KB

    • MD5

      8a2df8050fc8bdfd46a3efe7893f2951

    • SHA1

      de03161e09d8b8ab3c8099873db9f0d6ed7bc017

    • SHA256

      7e8e9bf6ef003cf53c3f036315acb51ba792bf827aade73adf131ef95f56e9ab

    • SHA512

      07e07abec0ec68a3d171b2dee064e07d0039934c586c1dff55e0c4b7b27f2f79992b06c413c3a8e2b0c76b0c9a540ca0e9fb7e793a3fa84a5a253876316bcd04

    • SSDEEP

      12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolkV:eBasowSg1ohSkROMo+f1kZolG

    Score
    7/10
    defense_evasiondiscoverypersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks