Analysis
max time kernel: 5s
max time network: 12s
platform: windows7_x64
resource: win7v20201028
submitted: 19-03-2021 14:19
Static task: static1
Behavioral task: behavioral1
Sample: pe.dll
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
Target: pe.dll
Size: 64KB
MD5: d94e2269268320cf3426f726c0c8d62f
SHA1: f823ded4c652897e471eb8a77bd609f52105ac0c
SHA256: 55c993236d58f2c205f8c9c1f7893785d20d655667e61fed2850160e5f9dc4fb
SHA512: 011675a9e9b2e44ce02e04cb5d87c3d9e564e07317ea508e718f7ec9b572413ea8a05557c310a94fddb5b03017c240b33e5ebab08c9e26198b20996185412a0e
Malware Config
Extracted
Family: icedid
Campaign: 2046050
C2: calldivorce.fun
Signatures
IcedID First Stage Loader (1 IoCs)
Processes:
resource: behavioral1/memory/1832-3-0x0000000000130000-0x0000000000137000-memory.dmp
yara_rule: IcedidFirstLoader
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
regsvr32.exe
pid process
1832 regsvr32.exe
1832 regsvr32.exe