Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
17-11-2021 19:53
Static task
static1
Behavioral task
behavioral1
Sample
Kathleen.xz.0.dr.dll
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Kathleen.xz.0.dr.dll
Resource
win10-en-20211104
windows10_x64
0 signatures
0 seconds
General
-
Target
Kathleen.xz.0.dr.dll
-
Size
108KB
-
MD5
4f2a7160665d709942e866fbc5f87739
-
SHA1
35789f5eee7c38f329eb95c08b6e6cb4666e7b07
-
SHA256
03f5e9a1c5bd9079a54240c6e0443dd0497fbc7580cd75b6a2324111b8d93c76
-
SHA512
52f475bc0a0c1f1523013d7f84262f305bc8bfc49b766e59a94e41b5ca34c01b57c0f101bd8f6a957cf7b35baee7f0a3a2614577082f08f5bfc3bb7ad3d268b7
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
4274986930
C2
aucespoo.ink
Signatures
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
regsvr32.exepid process 580 regsvr32.exe 580 regsvr32.exe