Analysis
- max time kernel: 4294209s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20220223-en
- submitted: 07-03-2022 10:45
Static task: static1
Behavioral task: behavioral1
- Sample: a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll
- Resource: win7-20220223-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll
- Size: 149KB
- MD5: cdb6222d629d727740bb9eae252df37d
- SHA1: 691de2ca7831b6daba56a86d16682039bc9c1cf0
- SHA256: a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7
- SHA512: 1326a3f9c05c2db8633695b4ba65673b212db68dd61596168ce82f2e90f75d47d563b3786e707e6e99a4af3745604b07e3310b747cc933de0fb27d2425fe4174
Malware Config
Extracted
- Family: icedid
- C2:
  - rotmistr.club
  - 5kilozhuto.top
Signatures
- IcedID Second Stage Loader (2 IoCs)
  Processes:
  resource | yara_rule
  behavioral1/memory/1564-55-0x0000000074C40000-0x0000000074C46000-memory.dmp | IcedidSecondLoader
  behavioral1/memory/1564-56-0x0000000074C40000-0x0000000074C78000-memory.dmp | IcedidSecondLoader
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description | pid | process | target process
  PID 1104 wrote to memory of 1564 | 1104 | rundll32.exe | rundll32.exe
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe (PID 1104)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1564, child of 1104)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1564-54-0x0000000074FF1000-0x0000000074FF3000-memory.dmp (Filesize: 8KB)
- memory/1564-55-0x0000000074C40000-0x0000000074C46000-memory.dmp (Filesize: 24KB)
- memory/1564-56-0x0000000074C40000-0x0000000074C78000-memory.dmp (Filesize: 224KB)
- memory/1564-57-0x0000000000130000-0x0000000000131000-memory.dmp (Filesize: 4KB)