2f2683e21a11c6ce0848ad2a6ecc8999c91967c15a20bf2ccafe0fb9720b7607 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows10_x64
resource
win10
submitted
15-07-2020 08:21

Sharing

Report Analysis Logs

General

Target

2020-07-14-DLL-for-IcedID-installer-example-12-of-18.bin.dll
Size

159KB
MD5

5b7924d7122086850a72347b3cc20954
SHA1

1debb269a8dc5c00a188852a73a855a97c52c203
SHA256

2f2683e21a11c6ce0848ad2a6ecc8999c91967c15a20bf2ccafe0fb9720b7607
SHA512

c18ce81521811b8f819b2044a004fea89bf1581700f3c0129d5f65c24736f60cb4099c31372f2dcedc63ce37ba956c0d609ce623b6632b4fc88f958545165b14

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 3236	3920	rundll32.exe	67
PID 3920 wrote to memory of 3236	3920	rundll32.exe	67
PID 3920 wrote to memory of 3236	3920	rundll32.exe	67

Blacklisted process makes network request 4 IoCs

flow	pid	Process
5	3236	rundll32.exe
7	3236	rundll32.exe
12	3236	rundll32.exe
14	3236	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3236	rundll32.exe
3236	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-12-of-18.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-12-of-18.bin.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads