Overview

overview

8

Static

static

2020-07-14...in.dll

windows7_x64

8

2020-07-14...in.dll

windows10_x64

8

Analysis

  • max time kernel
    68s
  • max time network
    66s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    15-07-2020 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2020-07-14-DLL-for-IcedID-installer-example-06-of-18.bin.dll

  • Size

    159KB

  • MD5

    b83aab4515ed7fc26cfcab032852dd34

  • SHA1

    fff4836b62a272e0519e4915125667a9c0763b2b

  • SHA256

    ffb08f27fe1710bc42fed4f350c79885d1a176111b9e4fdcc0b077cb2fe983a7

  • SHA512

    17ca22966b2b8d5172227542b54ce47d16cb7c77993b2712421b268cd907bf2356605d4c830e40fb3695cff761a120f8e4034d0e38096a0b9cf19eb033139295

Score
8/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Blacklisted process makes network request 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-06-of-18.bin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3104
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-06-of-18.bin.dll,#1
      2⤵
      • Blacklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:3616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3616-0-0x0000000000000000-mapping.dmp
    Download