Analysis
- max time kernel: 120s
- max time network: 172s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 13-07-2021 16:26
Static task
- static1
Behavioral task
- behavioral1
  Sample: core/cmd.bat
  Resource: win7v20210410
Behavioral task
- behavioral2
  Sample: core/cmd.bat
  Resource: win10v20210408
Behavioral task
- behavioral3
  Sample: core/time-.tmp.dll
  Resource: win7v20210410
General
- Target: core/cmd.bat
- Size: 185B
- MD5: 4bbdb9c9bcebb80825e556fabdde6594
- SHA1: 6f445bffc26058aaba8b1e7a18cfd9a54e912543
- SHA256: e74a51c4c4c7c1cda6de165bd18d4eac222e3d0305e49305f30dfdf144afe1e2
- SHA512: 49f30deaefcc995f333d0c9b480612f5135c5aeed344df651e87e066ba1b4e88039dfff0425a5f059f09fa42583e79bc94a1526d718fea73f0b32f63b5a00577
Malware Config
Extracted
- icedid
- 81538452
- garrozalibbo.click
- disponfirules.top
- mislinororv.top
- twistcolseza.top
- auth_var: 8
- url_path: /news/
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description                        pid   process   target process
  PID 1032 wrote to memory of 1064   1032  cmd.exe   rundll32.exe
  PID 1032 wrote to memory of 1064   1032  cmd.exe   rundll32.exe
  PID 1032 wrote to memory of 1064   1032  cmd.exe   rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Roaming\license.dat
  MD5: d8f2ecad59d3424d5241b29a51364442
  SHA1: 35fdda949114a600fe8b9c892dfcb13ae07ed8cf
  SHA256: 911f0e7f4b0fd6ec505ce57c03352937da7007f0d47ab589c86da018532deec1
  SHA512: d4ff95879a48dfcacbb7375be1934dcf6df90d2688a6a38526faaa896298d5dece188aa149648f6d3bc1115bc3c83982e19e446948519892caf5a9f87dfe8d5a
- memory/1064-60-0x0000000000000000-mapping.dmp
- memory/1064-61-0x00000000003A0000-0x00000000003A5000-memory.dmp
  Filesize: 20KB