Analysis

  • max time kernel
    66s
  • max time network
    69s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    17-07-2020 07:30

General

  • Target

    IcedID (6).dll

  • Size

    204KB

  • MD5

    618cd194f5958021b9b4cdaa1c873bd9

  • SHA1

    c9702e6942c867a2139d4ea3b491cac3df065973

  • SHA256

    22a028d138a87ac7c6f7e5eb054032eecddae1a76361c9443095e65fb6f51850

  • SHA512

    33d0a080fe3c02ba8d948db7617efed9cc34e32b2fef8c1a546c0a4aaa974e3b351f6b013a4253dec3f3fdae4a3c030ed440b3a3f84cb7923fb312cad3c84591

Score
8/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Blacklisted process makes network request 11 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\IcedID (6).dll",#1
    • Suspicious use of WriteProcessMemory
    PID:3536
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\IcedID (6).dll",#1
      • Blacklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:3580

Network

MITRE ATT&CK Matrix
