c7fd1d9a9cd1fd3351c43763d262ba441d725ad6e34f6a842edb8ce77ac7a614 | Triage

Analysis

max time kernel
121s
max time network
117s
platform
windows10_x64
resource
win10
submitted
15/07/2020, 08:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2020-07-14-DLL-for-IcedID-installer-example-18-of-18.bin.dll
Size

159KB
MD5

b91b76fc65623354dc7709cc4dfbd8fe
SHA1

96d91b1ec617bc3cfc00bcc515cd7ebb05bba366
SHA256

c7fd1d9a9cd1fd3351c43763d262ba441d725ad6e34f6a842edb8ce77ac7a614
SHA512

e6d5bfc4f031e00238ea54b50a05854977e4d141bd6962ba0125f1b5dbd7ba9404ca471895dc867f4283ab7639dc1ebf7d686bb8ec31ba4d5876d68b6f988aab

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 3852	976	rundll32.exe	67
PID 976 wrote to memory of 3852	976	rundll32.exe	67
PID 976 wrote to memory of 3852	976	rundll32.exe	67

Blacklisted process makes network request 4 IoCs

flow	pid	Process
5	3852	rundll32.exe
7	3852	rundll32.exe
12	3852	rundll32.exe
14	3852	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3852	rundll32.exe
3852	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-18-of-18.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-18-of-18.bin.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads