Analysis
Max time kernel: 123s
Max time network: 66s
Platform: windows7_x64
Resource: win7v20210410
Submitted: 05-05-2021 18:59

Static task: static1
Behavioral task: behavioral1
Sample: 401d5da79e88600ab084da7de03ff5eb.dll
Resource: win7v20210410
Platform: windows7_x64
Signatures: 0
Run time: 0 seconds
General
Target: 401d5da79e88600ab084da7de03ff5eb.dll
Size: 162KB
MD5: 401d5da79e88600ab084da7de03ff5eb
SHA1: 0afd17ff7908e6d8779a75ee90edc5c4d1946c72
SHA256: 8336ac38c10494d7e432640776b13511edd20d709dc74e9455cbd167b9f81364
SHA512: 34f1400e8e75996683f02b8085e0aaa249e4e9064b710ab80e7ffb40c706e732950210b47b9c0469c3fa3b2fb1aaa95f89881a21b7ffee3654ec222ccc1f72f0
Malware Config (extracted)
Family: icedid
Campaign: 861670232
C2: provokordino.space
Signatures

IcedID First Stage Loader (1 IoC)
Processes (resource / yara_rule):
behavioral1/memory/2000-60-0x00000000001B0000-0x00000000001B7000-memory.dmp  IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes (pid / process):
2000  regsvr32.exe
2000  regsvr32.exe