ffb08f27fe1710bc42fed4f350c79885d1a176111b9e4fdcc0b077cb2fe983a7 | Triage

Analysis

max time kernel
68s
max time network
66s
platform
windows10_x64
resource
win10
submitted
15-07-2020 08:20

Sharing

Report Analysis Logs

General

Target

2020-07-14-DLL-for-IcedID-installer-example-06-of-18.bin.dll
Size

159KB
MD5

b83aab4515ed7fc26cfcab032852dd34
SHA1

fff4836b62a272e0519e4915125667a9c0763b2b
SHA256

ffb08f27fe1710bc42fed4f350c79885d1a176111b9e4fdcc0b077cb2fe983a7
SHA512

17ca22966b2b8d5172227542b54ce47d16cb7c77993b2712421b268cd907bf2356605d4c830e40fb3695cff761a120f8e4034d0e38096a0b9cf19eb033139295

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 3616	3104	rundll32.exe	67
PID 3104 wrote to memory of 3616	3104	rundll32.exe	67
PID 3104 wrote to memory of 3616	3104	rundll32.exe	67

Blacklisted process makes network request 4 IoCs

flow	pid	Process
2	3616	rundll32.exe
4	3616	rundll32.exe
6	3616	rundll32.exe
8	3616	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3616	rundll32.exe
3616	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-06-of-18.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-06-of-18.bin.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads