Analysis
max time kernel: 122s
max time network: 120s
platform: windows7_x64
resource: win7v20201028
submitted: 24-03-2021 17:45
Static task: static1
Behavioral task: behavioral1
Sample: 32ea5e14ae2100fdf4da1a6b9762f95b0a63bcf415dd05011f7d4be89cb0de31.dll
Resource: win7v20201028
Platform: windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 32ea5e14ae2100fdf4da1a6b9762f95b0a63bcf415dd05011f7d4be89cb0de31.dll
Resource: win10v20201028
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 32ea5e14ae2100fdf4da1a6b9762f95b0a63bcf415dd05011f7d4be89cb0de31.dll
Size: 65KB
MD5: 4f9641305573b67c378989e4c47227e5
SHA1: 13ef6cac09560ca2d56bdf6cb5ae193c9c358b06
SHA256: 32ea5e14ae2100fdf4da1a6b9762f95b0a63bcf415dd05011f7d4be89cb0de31
SHA512: f92010ebb2cb9022c7a4780c01bfdd610fc86371a578ba54bff155556c28fa535ed81aa982dcf82094f8ad3d75c13bb2f78af121c332181eb78e2c3d31e14954
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 3683573724
C2: 24savetonnofmaoney.xyz
Signatures
IcedID First Stage Loader (1 IoCs)
Processes:
resource: behavioral1/memory/1072-3-0x0000000000130000-0x0000000000137000-memory.dmp
yara_rule: IcedidFirstLoader
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
regsvr32.exe
pid process
1072 regsvr32.exe
1072 regsvr32.exe