Analysis
- max time kernel: 154s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 19-03-2022 09:49

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: af779d3768b4efbcc4176a861a572fe3358496a9ef62c41ffb6af288ecefd449.dll
- Resource: win7-20220311-en
- 0 signatures
- 0 seconds
General
- Target: af779d3768b4efbcc4176a861a572fe3358496a9ef62c41ffb6af288ecefd449.dll
- Size: 238KB
- MD5: ca0c92b07a5001adbd263804ccf72f59
- SHA1: 70074da1cf1c144f3372244263d497945545106b
- SHA256: af779d3768b4efbcc4176a861a572fe3358496a9ef62c41ffb6af288ecefd449
- SHA512: c4a8710ea6f51e23cebb0948f6d8908ca7beffcb0c3fc6ee274d877197b9833d1405e7abe8049b006a9eadb9923eb3b01b39f4b02e63b820d8cf8eff8e5e7990
Malware Config (Extracted)
- Family: icedid
- C2:
  - felpojdhf8980.cyou
  - azoperfdeoti85.xyz
Signatures

IcedID Second Stage Loader (2 IoCs)
Processes:
resource                                                                          | yara_rule
behavioral2/memory/1188-130-0x00000000758A0000-0x00000000758A6000-memory.dmp      | IcedidSecondLoader
behavioral2/memory/1188-131-0x00000000758A0000-0x00000000758EF000-memory.dmp      | IcedidSecondLoader

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                       | pid | process      | target process
PID 956 wrote to memory of 1188   | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1188   | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1188   | 956 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\af779d3768b4efbcc4176a861a572fe3358496a9ef62c41ffb6af288ecefd449.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\af779d3768b4efbcc4176a861a572fe3358496a9ef62c41ffb6af288ecefd449.dll,#1