Analysis
- max time kernel: 103s
- max time network: 151s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 30-11-2020 18:39

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Donorcasino.dat.dll
  - Resource: win7v20201028 (windows7_x64)
  - 0 signatures, 0 seconds
General
- Target: Donorcasino.dat.dll
- Size: 280KB
- MD5: 331976fe1dca57b408fd0150c662e096
- SHA1: 9d1a20b84fe8cf0a3afbecdbe8a4d0b9a6b761e8
- SHA256: 56c26ed446ff536e676969a770d3ca72bd5bb1faf20aa64ecb559cbaab4d36d2
- SHA512: 1390cd65f65e1a2b41307b29d67eedb42cfbe474f7385f827330ea44a12ff84a8271f44c08f1533b4510b058c6bf4f26c5d24c0033a42a3cc00c58926a24c397
Malware Config
(none extracted)

Signatures
- IcedID Core Payload (1 IoC)
  Processes:
    resource                                                          | yara_rule
    behavioral1/memory/1964-3-0x0000000002BA0000-0x0000000002C47000-memory.dmp | Icedid_core

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
    description                      | pid | process      | target process
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe
    PID 596 wrote to memory of 1964  | 596 | regsvr32.exe | regsvr32.exe