General

  • Target

    1172-56-0x00000000001A0000-0x00000000001AA000-memory.dmp

  • Size

    40KB

  • Sample

    220207-rm1fnsdad4

  • MD5

    53457fa357f45ba219467afdf28c2afe

  • SHA1

    4e3e707c802fc647530171949ec8c8794326fd6a

  • SHA256

    c9f4e72bfeaf8893313679bec867f28cc66e6993956c7c1eacbd6000ff4d89fe

  • SHA512

    e9b2ef36b20353bc2688b38142f3e0364c9f8403a7bf3eb65aa1f54a386de659dfefb4410f775f33e14685759224f8819e64dd2a82d3175173fd34636fb89405

Score
10/10

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Targets

    • Target

      1172-56-0x00000000001A0000-0x00000000001AA000-memory.dmp

    • Suspicious use of NtCreateProcessExOtherParentProcess
