Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-01-14...id.exe

windows7-x64

10

2025-01-14...id.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2025, 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-14_544feca0515d819bc19521d3361678c4_icedid.exe

  • Size

    784KB

  • MD5

    544feca0515d819bc19521d3361678c4

  • SHA1

    b54d059d4ecac9d6a8e1535b7ad7a62ea292d310

  • SHA256

    aade0eae2708f2874909f2b7c63345b383d9d3273a668166aa5b5105351c6745

  • SHA512

    9b19241e56e3f1a7b8c8f0cec00b40ea50367ae56988a2e52b948e5ece8e3a8831082c4496880356715e4309ed6ba629f19cf30818ca5ec78cd37db64c678b87

  • SSDEEP

    12288:sOps+brP/VgjVbK2rOhkfq8eKYmC3LC2wv5op3xNwnYYdV9PQ/DWwBaHswwpUxug:zs+vPN0buywLC2wvHZdV1MfT8n

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

88.153.35.32:80

107.170.146.252:8080

173.212.214.235:7080

167.114.153.111:8080

67.170.250.203:443

121.124.124.40:7080

103.86.49.11:8080

74.214.230.200:80

194.187.133.160:443

172.104.97.173:8080

172.91.208.86:80

200.116.145.225:443

202.134.4.216:8080

172.105.13.66:443

190.164.104.62:80

50.35.17.13:80

176.111.60.55:8080

201.241.127.190:80

66.76.12.94:8080

95.213.236.64:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-14_544feca0515d819bc19521d3361678c4_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-14_544feca0515d819bc19521d3361678c4_icedid.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1080-9-0x0000000002280000-0x00000000022B0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1080-6-0x0000000002820000-0x0000000002851000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1080-2-0x0000000002480000-0x00000000024B3000-memory.dmp

    Filesize

    204KB

    Download