Analysis
Max time kernel: 129s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-en-20220113
Submitted: 19-03-2022 11:29
Static task: static1
Behavioral task: behavioral1
Sample: 939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll
Resource: win7-20220311-en
0 signatures
0 seconds
General
Target: 939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll
Size: 326KB
MD5: 25da777ea2fa0c4c4b8c63a56cb01260
SHA1: 4825ecd5a271db4bb96be50a4a91ae57896b974e
SHA256: 939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871
SHA512: 50eef55b472325345d9565b47941aa1879e43408352f6cd3c419e8f587f319cce8a54a155f133101f07a1236dc127e01f7409ac52d04b746721e8cd883b28b31
Malware Config
Extracted family: icedid
Signatures

IcedID First Stage Loader (2 IoCs)
Processes:
resource | yara_rule
behavioral2/memory/2452-130-0x0000000075760000-0x0000000075769000-memory.dmp | IcedidFirstLoader
behavioral2/memory/2452-131-0x0000000075760000-0x00000000757C7000-memory.dmp | IcedidFirstLoader

Program crash (1 IoC)
Processes: WerFault.exe
pid | pid_target | process | target process
4500 | 2452 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2184 wrote to memory of 2452 | 2184 | rundll32.exe | rundll32.exe
PID 2184 wrote to memory of 2452 | 2184 | rundll32.exe | rundll32.exe
PID 2184 wrote to memory of 2452 | 2184 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 632
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2452 -ip 2452