a8967cdcb91ea12285cd9f365ef73895bf90283dbc00f197cfb49cec3c8c3886 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows10_x64
resource
win10
submitted
15/07/2020, 08:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2020-07-14-DLL-for-IcedID-installer-example-11-of-18.bin.dll
Size

159KB
MD5

f09094b471f210580e09d4af80a29779
SHA1

2326aa54f2e385fb44aac5e29caf6f2700424cab
SHA256

a8967cdcb91ea12285cd9f365ef73895bf90283dbc00f197cfb49cec3c8c3886
SHA512

c2b73d28e3f75d3a6d63fd74b0c87263e8c3386b13a62396c516eca09037da23c64a8480dfca4f1940fb9e83977646ef8a063bf45cc3ca59b04e7dd5566a7250

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 3892	3888	rundll32.exe	67
PID 3888 wrote to memory of 3892	3888	rundll32.exe	67
PID 3888 wrote to memory of 3892	3888	rundll32.exe	67

Blacklisted process makes network request 4 IoCs

flow	pid	Process
7	3892	rundll32.exe
9	3892	rundll32.exe
14	3892	rundll32.exe
16	3892	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3892	rundll32.exe
3892	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-11-of-18.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-07-14-DLL-for-IcedID-installer-example-11-of-18.bin.dll,#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads