Analysis

Max time kernel: 137s
Max time network: 178s
Platform: windows7_x64
Resource: win7v20210410
Submitted: 21-07-2021 19:58

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61.exe
  Resource: win7v20210410
  Platform: windows7_x64
  Signatures: 0
  Time: 0 seconds
General

Target: 9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61.exe
Size: 323KB
MD5: 3faec30bdd89e0b3ae2f6bee7150141e
SHA1: ec56188a3a8b46e0e6575f32bd175aade9cbd572
SHA256: 9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61
SHA512: 61eff05915699e5df4f200fdb0b9acbf6c275b95f41c0f2ad40e62d0b2080e7c1b3ec1c7a64be0629bddfc2ddacdddc2f4f5e43c405f1f283937929c5101fd80
Malware Config

Extracted
Family: icedid
C2:
  fillerwinner.best
  fleightfreight.best
  chinatrades.best
  hongcontrol.best
Signatures

IcedID Second Stage Loader (2 IoCs)
Processes:
  resource                                                                    yara_rule
  behavioral1/memory/736-61-0x00000000003E0000-0x00000000003E6000-memory.dmp  IcedidSecondLoader
  behavioral1/memory/736-64-0x0000000000390000-0x0000000000393000-memory.dmp  IcedidSecondLoader

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid  process
  736  9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61.exe
  736  9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61.exe
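The following is an added triage helper, not part of the sandbox report or of any sandbox tooling. It takes the values shown in this report (copied into a constructed REPORT dict), parses the memory-dump resource names into pid, dump index and address range, sanity-checks the hash digests and the fact that the sample is named after its SHA256, and emits a normalized IoC record with the C2 domains and the memory regions that matched the IcedidSecondLoader rule. The naming convention <task>/memory/<pid>-<index>-<start>-<end>-memory.dmp is an assumption inferred from the two resource names above; the report does not document it.

```python
import re
from dataclasses import dataclass, asdict

# Constructed for this example: values copied from the report above.
REPORT = {
    "target": "9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61.exe",
    "md5": "3faec30bdd89e0b3ae2f6bee7150141e",
    "sha1": "ec56188a3a8b46e0e6575f32bd175aade9cbd572",
    "sha256": "9944404c61248373a7856f5293d89af8fde2e5cf968b394bebaa84fed6d6fe61",
    "family": "icedid",
    "c2": ["fillerwinner.best", "fleightfreight.best",
           "chinatrades.best", "hongcontrol.best"],
    "yara_hits": [
        ("behavioral1/memory/736-61-0x00000000003E0000-0x00000000003E6000-memory.dmp",
         "IcedidSecondLoader"),
        ("behavioral1/memory/736-64-0x0000000000390000-0x0000000000393000-memory.dmp",
         "IcedidSecondLoader"),
    ],
}

# Assumed naming convention of the memory-dump resources (inferred from the
# two names in the report): <task>/memory/<pid>-<index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass
class MemoryHit:
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        """Size in bytes of the dumped region."""
        return self.end - self.start


def parse_dump_name(resource: str, rule: str) -> MemoryHit:
    """Parse one 'resource' column entry plus its matching YARA rule name."""
    m = DUMP_RE.match(resource)
    if not m:
        raise ValueError(f"unrecognised dump resource: {resource}")
    return MemoryHit(task=m["task"], pid=int(m["pid"]), index=int(m["index"]),
                     start=int(m["start"], 16), end=int(m["end"], 16), rule=rule)


HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def check_hashes(report: dict) -> list:
    """Return a list of problems: wrong digest length/alphabet, or a sample
    name that does not equal its own SHA256 (the convention this report uses)."""
    problems = []
    for algo, length in HEX_LEN.items():
        value = report[algo]
        if len(value) != length or not re.fullmatch(r"[0-9a-f]+", value):
            problems.append(f"{algo} is not a {length}-char lowercase hex digest")
    stem = report["target"].rsplit(".", 1)[0]
    if stem != report["sha256"]:
        problems.append("target filename does not match SHA256")
    return problems


def build_iocs(report: dict) -> dict:
    """Normalize the report into one IoC record suitable for export."""
    hits = [parse_dump_name(res, rule) for res, rule in report["yara_hits"]]
    return {
        "family": report["family"],
        "hashes": {k: report[k] for k in ("md5", "sha1", "sha256")},
        "c2_domains": sorted(report["c2"]),
        "memory_regions": [{**asdict(h), "size": h.size} for h in hits],
        "pids_with_loader": sorted({h.pid for h in hits
                                    if h.rule == "IcedidSecondLoader"}),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(REPORT), indent=2))
    for problem in check_hashes(REPORT):
        print("WARN:", problem)
```

Both loader hits sit in the same process (pid 736), in two small private regions of 0x6000 and 0x3000 bytes, which is what a memory-scan IoC for an unpacked second stage looks like; the record above keeps the region sizes so a hunter can compare them with hits from other samples.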