Analysis

max time kernel: 527s
max time network: 528s
platform: windows7_x64
resource: win7v20201028
submitted: 12-03-2021 16:51

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: zfbfg.ere.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
General
Target: zfbfg.ere.dll
Size: 156KB
MD5: 6dafdbbcce799f332033b3498aebb8d6
SHA1: a09e3c1b36e0c543d64c1417c070b011d0b6eb23
SHA256: b7b6fd7461869a41bf7a4e3d8b55ddb3c2189c618f524b4780de4536bf24ab5b
SHA512: 39652ce06dc1110da31bbf9e80196b294fabb06bbf954f429b9c3c84fca10d0376176f465de88107dfb4a40e65844f0ddc1a9d2f3f84c8532b2ad1ea7ea2712f
Score: 10/10
Malware Config (extracted)
Family: icedid
Campaign: 3590845772
C2: emanielepolikutuo1.website
Signatures

IcedID First Stage Loader (1 IoC)
YARA matches on dumped memory (resource | yara_rule):
  behavioral1/memory/1968-3-0x00000000001E0000-0x00000000001E7000-memory.dmp | IcedidFirstLoader
  behavioral1/memory/1968-3-0x00000000001E0000-0x00000000001E7000-memory.dmp | crime_win32_icedid_stage1

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes (pid | process):
  1968 | regsvr32.exe
  1968 | regsvr32.exe
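Both YARA hits above name the same 0x7000-byte dump taken from regsvr32.exe (pid 1968), the process the sandbox used to load the DLL, and the General section gives four digests for the sample. The following is an added triage helper written for this page; it is not part of the sandbox report or of any sandbox tooling. It parses the dump resource names into pid, dump index and address range (the name layout `<task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` is an assumption inferred from the two strings on this page), groups the rules that fired per region, and checks an arbitrary byte string against the reported digests so a responder can confirm a local file is the sample this report describes. The input bytes in the usage block are constructed and are not the sample.

```python
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# YARA hits exactly as the report lists them: (resource name, rule name).
REPORTED_YARA_HITS = [
    ("behavioral1/memory/1968-3-0x00000000001E0000-0x00000000001E7000-memory.dmp",
     "IcedidFirstLoader"),
    ("behavioral1/memory/1968-3-0x00000000001E0000-0x00000000001E7000-memory.dmp",
     "crime_win32_icedid_stage1"),
]

# File digests from the General section of the report.
REPORTED_HASHES = {
    "md5": "6dafdbbcce799f332033b3498aebb8d6",
    "sha1": "a09e3c1b36e0c543d64c1417c070b011d0b6eb23",
    "sha256": "b7b6fd7461869a41bf7a4e3d8b55ddb3c2189c618f524b4780de4536bf24ab5b",
    "sha512": "39652ce06dc1110da31bbf9e80196b294fabb06bbf954f429b9c3c84fca10d0376"
              "176f465de88107dfb4a40e65844f0ddc1a9d2f3f84c8532b2ad1ea7ea2712f",
}

# Assumed layout of a dump resource name (inferred from the report, not documented):
#   <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryRegion:
    task: str
    pid: int
    seq: int      # dump index within the task
    start: int    # virtual address of the dumped region
    end: int      # exclusive end address

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryRegion:
    """Parse one dump resource name; reject names that do not fit the assumed layout."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump resource name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name!r}")
    return MemoryRegion(m["task"], int(m["pid"]), int(m["seq"]), start, end)


def group_hits_by_region(hits):
    """Map each dumped region to the set of YARA rules that fired on it."""
    grouped = defaultdict(set)
    for resource, rule in hits:
        grouped[parse_dump_name(resource)].add(rule)
    return dict(grouped)


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, for comparison."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORTED_HASHES}


def matching_report_hashes(data: bytes) -> set:
    """Names of the reported digests that `data` matches; all four for the real sample."""
    computed = hashes_of(data)
    return {alg for alg, digest in REPORTED_HASHES.items() if computed[alg] == digest}


if __name__ == "__main__":
    for region, rules in group_hits_by_region(REPORTED_YARA_HITS).items():
        print(f"pid {region.pid} dump #{region.seq}: 0x{region.start:X}-0x{region.end:X} "
              f"({region.size} bytes) -> {sorted(rules)}")
    # Constructed stand-in bytes, not the sample: expect no digest to match.
    print(matching_report_hashes(b"not the sample"))
```

Grouping by region is the useful part: two rule names against one 28672-byte dump is one finding (the first-stage loader unpacked into regsvr32.exe), not two separate detections, which matters when counting IoCs or deduplicating alerts.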