Analysis
-
max time kernel
4294210s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20220223-en -
submitted
09-03-2022 15:43
Static task
static1
Behavioral task
behavioral1
Sample
6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll
Resource
win7-20220223-en
windows7_x64
0 signatures
0 seconds
General
-
Target
6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll
-
Size
148KB
-
MD5
88206b4e6e32939b83b237e6d3ee67a5
-
SHA1
c594ce5c5045dc9c1d5cbe0df99c48493bf5899e
-
SHA256
6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe
-
SHA512
4e6f40b0f1dc03057bb63a82fbc659ea76565761162a631c909c4454408b48f77d4efb499c78643b5dbf2847de7e80da41166f4018a2c9109c5e4119b621e6a9
Malware Config
Extracted
Family
icedid
C2
singularitty.best
zolerasiop.club
Signatures
-
IcedID Second Stage Loader 2 IoCs
Processes:
resource yara_rule behavioral1/memory/1752-56-0x0000000010000000-0x0000000010006000-memory.dmp IcedidSecondLoader behavioral1/memory/1752-57-0x0000000010000000-0x0000000010039000-memory.dmp IcedidSecondLoader -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
regsvr32.exedescription pid process target process PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe PID 840 wrote to memory of 1752 840 regsvr32.exe regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll1⤵
- Suspicious use of WriteProcessMemory
PID:840 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll2⤵PID:1752
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/840-54-0x000007FEFBAF1000-0x000007FEFBAF3000-memory.dmpFilesize
8KB
-
memory/1752-55-0x0000000075CC1000-0x0000000075CC3000-memory.dmpFilesize
8KB
-
memory/1752-56-0x0000000010000000-0x0000000010006000-memory.dmpFilesize
24KB
-
memory/1752-57-0x0000000010000000-0x0000000010039000-memory.dmpFilesize
228KB
-
memory/1752-58-0x00000000000D0000-0x00000000000D1000-memory.dmpFilesize
4KB