Analysis
max time kernel: 125s
max time network: 125s
platform: windows10_x64
resource: win10v20210408
submitted: 06-05-2021 12:27

Static task: static1
Behavioral task: behavioral1
Sample: 8336ac38c10494d7e432640776b13511edd20d709dc74e9455cbd167b9f81364.dll
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: 8336ac38c10494d7e432640776b13511edd20d709dc74e9455cbd167b9f81364.dll
Size: 162KB
MD5: 401d5da79e88600ab084da7de03ff5eb
SHA1: 0afd17ff7908e6d8779a75ee90edc5c4d1946c72
SHA256: 8336ac38c10494d7e432640776b13511edd20d709dc74e9455cbd167b9f81364
SHA512: 34f1400e8e75996683f02b8085e0aaa249e4e9064b710ab80e7ffb40c706e732950210b47b9c0469c3fa3b2fb1aaa95f89881a21b7ffee3654ec222ccc1f72f0
Malware Config (Extracted)
Family: icedid
Campaign: 861670232
C2: provokordino.space
Signatures

IcedID First Stage Loader (1 IoC)
Processes:
resource: behavioral2/memory/808-114-0x0000000001380000-0x0000000001387000-memory.dmp
yara_rule: IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid 808, process regsvr32.exe
pid 808, process regsvr32.exe
Downloads
memory/808-114-0x0000000001380000-0x0000000001387000-memory.dmp (Filesize: 28KB)