Analysis

max time kernel: 126s
max time network: 64s
platform: windows7_x64
resource: win7v20210408
submitted: 06-05-2021 17:02

Static task: static1
Behavioral task: behavioral1
Sample: 13fa17bdaa50b6ddeabad9b5ad62e269f81ce1295b5847027afc4fc7ceeb1904.dll
Resource: win7v20210408
0 signatures
0 seconds
General

Target: 13fa17bdaa50b6ddeabad9b5ad62e269f81ce1295b5847027afc4fc7ceeb1904.dll
Size: 163KB
MD5: 6e12475814e89c75ead27a22fe4d39e3
SHA1: 84b8d91aecf42d519c48ec1d1aeae0140d377e33
SHA256: 13fa17bdaa50b6ddeabad9b5ad62e269f81ce1295b5847027afc4fc7ceeb1904
SHA512: 09eb974cf50c0be102e0595c48e05537d6c8c2c28bf77b56f4d7b747f6bff718bd33c5e94a33eac7b572b19f33184c27bbbe4b824737b34f156dfbcc2199d020
Malware Config

Extracted
Family: icedid
Campaign: 861670232
C2: provokordino.space
Signatures

IcedID First Stage Loader (1 IoC)
Processes:
  resource:  behavioral1/memory/1840-60-0x0000000000130000-0x0000000000137000-memory.dmp
  yara_rule: IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  1840  regsvr32.exe
  1840  regsvr32.exe