Analysis
max time kernel: 679s
max time network: 679s
platform: windows7_x64
resource: win7v20201028
submitted: 13-03-2021 02:54

Static task: static1
Behavioral task: behavioral1
Sample: Runtime.brok2.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
General
Target: Runtime.brok2.dll
Size: 154KB
MD5: c386d9720b578d7390d474aff0857d80
SHA1: 4dc6fe015674fd5af318176e108e137a6d2ecee6
SHA256: 503eee9ef80021bf404dd5289ea47903732d5288ae286ca5814ebd25038ce6de
SHA512: 43c51d6cc4fd55c154a2e525c0012de1ba3171f32c75632fe651752521c83efbaf8ebd1db9c1cd472bbbe68ffa73992edd9d0ce3a0e64681a08edbe2c0698c9d
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 2292720537
C2: klicjop9.fun
Signatures
IcedID First Stage Loader (1 IoC)
Processes:
resource: behavioral1/memory/1604-3-0x0000000001D90000-0x0000000001D97000-memory.dmp
yara_rule: IcedidFirstLoader
Processes:
resource: behavioral1/memory/1604-3-0x0000000001D90000-0x0000000001D97000-memory.dmp
yara_rule: crime_win32_icedid_stage1
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid 1604 regsvr32.exe
pid 1604 regsvr32.exe
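The report above is essentially a set of indicators: file hashes, the extracted IcedID config (campaign ID and C2 domain), two YARA hits on the same 0x7000-byte region in regsvr32.exe (pid 1604, the process in which the DLL was loaded), and the process row. As an added example that is not part of the sandbox report or of any tool it names, the Python below turns those fields into one structured record: it parses the memory-dump resource name into pid, dump index, start and end address and size, validates the hash digests, and groups the YARA rule names per memory region so the same region is not listed twice. The `<task>/memory/<pid>-<n>-<start>-<end>-memory.dmp` naming pattern is inferred from the single resource name on this page, and the field names of the returned dict are this example's own assumptions.

```python
"""Build a structured IoC record from the sandbox report fields above.

Added example, not part of the report. Input values are copied from the
report; the parsing logic, the dump-name pattern and the output field names
are assumptions of this example.
"""
import json
import re

# Values copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "c386d9720b578d7390d474aff0857d80",
    "sha1": "4dc6fe015674fd5af318176e108e137a6d2ecee6",
    "sha256": "503eee9ef80021bf404dd5289ea47903732d5288ae286ca5814ebd25038ce6de",
}
REPORT_CONFIG = {"family": "icedid", "campaign": "2292720537", "c2": "klicjop9.fun"}
REPORT_YARA_HITS = [
    ("behavioral1/memory/1604-3-0x0000000001D90000-0x0000000001D97000-memory.dmp",
     "IcedidFirstLoader"),
    ("behavioral1/memory/1604-3-0x0000000001D90000-0x0000000001D97000-memory.dmp",
     "crime_win32_icedid_stage1"),
]
REPORT_PROCESS_ROW = "1604 regsvr32.exe"

# Assumed naming pattern: <task>/memory/<pid>-<n>-<start>-<end>-memory.dmp,
# inferred from the one resource name the report shows.
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def parse_dump_name(name):
    """Split a memory-dump resource name into pid, index and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump resource name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"dump end address does not follow start: {name}")
    return {"task": m["task"], "pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "size": end - start}


def validate_hashes(hashes):
    """Reject digests of the wrong length or with non-hex characters."""
    for algo, digest in hashes.items():
        if len(digest) != HASH_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
            raise ValueError(f"malformed {algo} digest: {digest}")
    return hashes


def build_ioc_record(hashes, config, yara_hits, process_row):
    """Combine hashes, extracted config, YARA hits and process row into one record."""
    pid_str, image = process_row.split(maxsplit=1)
    regions = {}
    for name, rule in yara_hits:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        # Several rules can hit the same region; keep one entry per region.
        regions.setdefault(key, {**d, "rules": []})["rules"].append(rule)
    return {
        "hashes": validate_hashes(hashes),
        "family": config["family"],
        "campaign_id": int(config["campaign"]),
        "c2_domains": [config["c2"]],
        "host_process": {"pid": int(pid_str), "image": image},
        "memory_regions": list(regions.values()),
    }


if __name__ == "__main__":
    record = build_ioc_record(REPORT_HASHES, REPORT_CONFIG,
                              REPORT_YARA_HITS, REPORT_PROCESS_ROW)
    print(json.dumps(record, indent=2))
```

The region size (0x7000 bytes) and the fact that both rules fire on one region in the regsvr32.exe host are the details worth carrying into a hunt: the hashes identify this specific DLL, while the C2 domain, campaign ID and an unbacked region of that size in regsvr32.exe are what survive a recompiled sample.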