7eff8901e4f77417a33b4d017a84636d2d8e04c520440511743f945e29e5dda0 | Triage

Analysis

max time kernel
138s
max time network
72s
platform
windows10_x64
resource
win10v200430
submitted
15-07-2020 08:20

Sharing

Report Analysis Logs

General

Target

2020-07-14-DLL-for-IcedID-installer-example-02-of-18.bin.dll
Size

159KB
MD5

d67c4000e2f34049fe70ed79a11270b4
SHA1

bd6d9f7098b0da9fe75fcefdaa78b6e1e2e33d79
SHA256

7eff8901e4f77417a33b4d017a84636d2d8e04c520440511743f945e29e5dda0
SHA512

8e3e8c3c4a55b7235c0d11b97222be02a9fdc50d67aba61f8c49ee81e85525d6700ca7d02bb1dc750ed2c326c4d99cdce21ee4ebbc01d5b8547269202ff8c38d

Score

8^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
388	rundll32.exe
388	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 388	3724	rundll32.exe	66
PID 3724 wrote to memory of 388	3724	rundll32.exe	66
PID 3724 wrote to memory of 388	3724	rundll32.exe	66

Blacklisted process makes network request 4 IoCs

flow	pid	Process
9	388	rundll32.exe
11	388	rundll32.exe
13	388	rundll32.exe
15	388	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-02-of-18.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-02-of-18.bin.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Blacklisted process makes network request
  PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads