Analysis
max time kernel
8s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
01-04-2021 17:44
Static task
static1
Behavioral task
behavioral1
Sample
83eaf3c53ddd3464a09440270750c23e44353da28d86d.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
83eaf3c53ddd3464a09440270750c23e44353da28d86d.dll
Resource
win10v20201028
0 signatures
0 seconds
General
Target
83eaf3c53ddd3464a09440270750c23e44353da28d86d.dll
Size
198KB
MD5
23741dd2eb07e9e8788c4c57640e52ab
SHA1
2e1a39c95cda5f4ec81cdcfa4ac71c4e6fbd3d8b
SHA256
83eaf3c53ddd3464a09440270750c23e44353da28d86d5f0bae3cf658f187e42
SHA512
88235e756bb792ab322c4ffe1d40ea74ce9f6db88d50cffd1f947cac5c851be8e1df31748eb0ead7e1094110eb5e5c9dc69a6d1e3b985e111d68c3a1fae5cd5d
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
1584008337
C2
secondpilots.space
Signatures
IcedID First Stage Loader 1 IoCs
Processes:
resource
behavioral1/memory/792-3-0x00000000001C0000-0x00000000001C7000-memory.dmp
yara_rule
IcedidFirstLoader
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
regsvr32.exe
pid process
792 regsvr32.exe
792 regsvr32.exe