Analysis
max time kernel: 125s
max time network: 128s
platform: windows10_x64
resource: win10-en-20211104
submitted: 11-11-2021 12:40
Static task: static1
Behavioral task: behavioral1
Sample: 5C733D57143D5FD9777DAEE8AEC2E907DBF31BA9ACB97.exe
Resource: win7-en-20211014 (windows7_x64)
0 signatures, 0 seconds
General
Target: 5C733D57143D5FD9777DAEE8AEC2E907DBF31BA9ACB97.exe
Size: 1.2MB
MD5: 37fa9f54837a71c9fc640ac78cac9646
SHA1: 4177211a427d5710e02ce37b2fdc4ef62b174067
SHA256: 5c733d57143d5fd9777daee8aec2e907dbf31ba9acb97ed1a3ae9cbcd3bc01d3
SHA512: f99e17855f15f78c7bbc47d2141a2be8e3e5a9acfbed26c4ffbda6d5bfaea990ecbb00c9e69cb60402b7235fb1482216c51ca5542cec7f877e82ae62cf9761b6
Malware Config
Extracted
Family: icedid
Campaign: 949083261
C2: kitchenbiggy.best
Signatures
Processes:
resource                                                                      yara_rule
behavioral2/memory/2904-118-0x0000000140000000-0x0000000140007000-memory.dmp  crime_ICEDID_win64_gziploader

suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Requesting Encoded Binary M4

IcedID First Stage Loader 1 IoCs
Processes:
resource                                                                      yara_rule
behavioral2/memory/2904-118-0x0000000140000000-0x0000000140007000-memory.dmp  IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid   process
2904  5C733D57143D5FD9777DAEE8AEC2E907DBF31BA9ACB97.exe
2904  5C733D57143D5FD9777DAEE8AEC2E907DBF31BA9ACB97.exe
Downloads
memory/2904-118-0x0000000140000000-0x0000000140007000-memory.dmp
Filesize: 28KB