253af6bb3c7415b92c05c70a9893ad9cb736d8139c0dfeddce3719a731a7fceb | Triage

Analysis

max time kernel
123s
max time network
126s
platform
windows10_x64
resource
win10
submitted
17-07-2020 07:30

Sharing

Report Analysis Logs

General

Target

IcedID (4).dll
Size

204KB
MD5

ac200d39d4c44dd9031bfdab32f4137c
SHA1

efb34e5ba8ffd92ea1cc027f7b03e052ca35181d
SHA256

253af6bb3c7415b92c05c70a9893ad9cb736d8139c0dfeddce3719a731a7fceb
SHA512

6287809699d74b621fea679bccd737ac0094e61b5df516eed9251dad8479d084e496d5c8d25ab376e28bb51ddb64f8a16e456a771e1834f5635b13b4e97a7a39

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 336	720	rundll32.exe	67
PID 720 wrote to memory of 336	720	rundll32.exe	67
PID 720 wrote to memory of 336	720	rundll32.exe	67

Blacklisted process makes network request 11 IoCs

flow	pid	Process
5	336	rundll32.exe
7	336	rundll32.exe
8	336	rundll32.exe
10	336	rundll32.exe
12	336	rundll32.exe
14	336	rundll32.exe
16	336	rundll32.exe
18	336	rundll32.exe
20	336	rundll32.exe
22	336	rundll32.exe
24	336	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
336	rundll32.exe
336	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\IcedID (4).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\IcedID (4).dll",#1
  2⤵
  - Blacklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads