a421e1ac6cd39b7709d8929329b2135cb0f1eaea48edc296d03f0b3f41058282 | Triage

Analysis

max time kernel
135s
max time network
71s
platform
windows10_x64
resource
win10v200430
submitted
15-07-2020 08:20

Sharing

Report Analysis Logs

General

Target

2020-07-14-DLL-for-IcedID-installer-example-07-of-18.bin.dll
Size

159KB
MD5

df13fa6863bf439d737c01966b487e69
SHA1

c2b99b05a4dd23c3cf96f9e23a5f8c88ab89763f
SHA256

a421e1ac6cd39b7709d8929329b2135cb0f1eaea48edc296d03f0b3f41058282
SHA512

0e583fa19b144df61a7c72793a06773226b36eddbf2587ab5c6c7c68210754c19c8765bd8e14d458e3d7464d8eb030b46ca5b7a3eede96ab844b44b9efec23c7

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 1432	3160	rundll32.exe	67
PID 3160 wrote to memory of 1432	3160	rundll32.exe	67
PID 3160 wrote to memory of 1432	3160	rundll32.exe	67

Blacklisted process makes network request 4 IoCs

flow	pid	Process
9	1432	rundll32.exe
11	1432	rundll32.exe
13	1432	rundll32.exe
15	1432	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1432	rundll32.exe
1432	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-07-of-18.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-07-of-18.bin.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads