Analysis

max time kernel: 3s
max time network: 10s
platform: windows7_x64
resource: win7v20201028
submitted: 24-03-2021 18:17
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: c4198954a8ca7a8c0852cc20d31cc610.dll
  Resource: win7v20201028
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: c4198954a8ca7a8c0852cc20d31cc610.dll
  Resource: win10v20201028
  0 signatures, 0 seconds
General

Target: c4198954a8ca7a8c0852cc20d31cc610.dll
Size: 79KB
MD5: c4198954a8ca7a8c0852cc20d31cc610
SHA1: 0f9d51aad08dd187942fdfa4fb321ae5b3adee32
SHA256: e74355c561713b916dc271420805d700a427e7b8fe673881121a9ac853b96a4b
SHA512: 8a3cc188fc831e0aec42c5d203045f73139a7320ceb473fa8b5b44f8f21a069d9af80515224104bcd64563118ff7e269841b1a3ac73cddd67e976dea75cf89bb
Score: 10/10
Malware Config (extracted)

Family: icedid
Campaign: 1211238709
C2: 912caporers.fun
Signatures

IcedID First Stage Loader (1 IoC)
Processes:
  resource                                                                          yara_rule
  behavioral1/memory/1680-3-0x00000000004B0000-0x00000000004B7000-memory.dmp        IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: regsvr32.exe
  pid    process
  1680   regsvr32.exe
  1680   regsvr32.exe