Analysis

max time kernel: 7s
max time network: 66s
platform: windows7_x64
resource: win7v20201028
submitted: 09-11-2020 21:35

Static task: static1
Behavioral task: behavioral1
Sample: 8929982d9f3d979174b880297e3fd2a81f359d6bf7ab0d47ec0207da8dfa7b72.exe
Resource: win7v20201028
0 signatures, 0 seconds
General

Target: 8929982d9f3d979174b880297e3fd2a81f359d6bf7ab0d47ec0207da8dfa7b72.exe
Size: 409KB
MD5: 1ab15c4f1e6d6ebb7ac973e65730ea47
SHA1: 66f368b0a24c30b3c89229e90c927d68a9670692
SHA256: 8929982d9f3d979174b880297e3fd2a81f359d6bf7ab0d47ec0207da8dfa7b72
SHA512: b837fa6e727b45f1fe8aebab2ccd05ae1bdb396dfdb12894d2fe5773c1a84479386ac2243a760d0d1fae31420664124d128c15459ed4271cf57377c2fb2052ee
Malware Config

Extracted
Family: icedid
C2:
  boatliker.top
  autofiller.top

The two C2 domains come from the configuration extracted out of the unpacked payload; this report records no network section, so treat them as config-derived indicators rather than observed connections.
Signatures

IcedID Core Payload (1 IoC)
Memory dumps:
  resource                                                                    yara_rule
  behavioral1/memory/1992-1-0x0000000003040000-0x00000000030E6000-memory.dmp  Icedid_core

IcedID Second Stage Loader (1 IoC)
Memory dumps:
  resource                                                                    yara_rule
  behavioral1/memory/1992-0-0x00000000003F0000-0x00000000003F6000-memory.dmp  IcedidSecondLoader

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid   process
  1992  8929982d9f3d979174b880297e3fd2a81f359d6bf7ab0d47ec0207da8dfa7b72.exe
  1992  8929982d9f3d979174b880297e3fd2a81f359d6bf7ab0d47ec0207da8dfa7b72.exe

Both YARA hits are on memory dumps taken from pid 1992, the sample's own process (the dump names are pid-index-start-end), so the second-stage loader (0x6000 bytes at 0x3F0000) and the core payload (0xA6000 bytes at 0x3040000) were unpacked in place rather than injected into another process; the SetWindowsHookEx calls come from that same process.