Overview

overview

10

Static

static

10

1068-56-0x...ry.dll

windows7_x64

3

1068-56-0x...ry.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1068-56-0x00000000000B0000-0x00000000000BA000-memory.dmp

  • Size

    40KB

  • Sample

    220207-snmrmsdeeq

  • MD5

    0d3d475bf64bef98334735d4f7fd90dc

  • SHA1

    b567b78afe9744a4bd2de8407d9ddaceb4a14c4a

  • SHA256

    15d323764f3deb22ad43702c2d98a1ae2ac0c94144d9b58b5bd4b718c3e9766e

  • SHA512

    d17eeef0582824c90bd167f2628bc053bc88e103f67008fbfba53d42af29df83ad80be5ac5ec40540ae5ab5b22878d18f0b98f0988eca5415ff50687da061d30

Score
10/10
icedid1732687004

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Targets

    • Target

      1068-56-0x00000000000B0000-0x00000000000BA000-memory.dmp

    • Size

      40KB

    • MD5

      0d3d475bf64bef98334735d4f7fd90dc

    • SHA1

      b567b78afe9744a4bd2de8407d9ddaceb4a14c4a

    • SHA256

      15d323764f3deb22ad43702c2d98a1ae2ac0c94144d9b58b5bd4b718c3e9766e

    • SHA512

      d17eeef0582824c90bd167f2628bc053bc88e103f67008fbfba53d42af29df83ad80be5ac5ec40540ae5ab5b22878d18f0b98f0988eca5415ff50687da061d30

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks