Analysis

Max time kernel: 160s
Max time network: 175s
Platform: windows10-2004_x64
Resource: win10v2004-en-20220113
Submitted: 19-03-2022 12:50

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll
Resource: win7-20220310-en
Platform: windows7_x64
Result: 0 signatures, 0 seconds
General

Target: 7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll
Size: 120KB
MD5: b2b8bb419ba5c755a2421fa4837edb8a
SHA1: 5c6b77d47ab76bbb18be66406b312279ac8d3a43
SHA256: 7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9
SHA512: 4a956933949a581124c6dfbdbe85da6cd202c0b9f7f7dacca12ca221c580ee63487af0c4f82c6c896febc97c3974b4ef85d60d735c5bc95b5618a4e616731d99
Malware Config (extracted)

Family: icedid
C2: cloudsappert.best, arrowcaps.top
Signatures

IcedID Second Stage Loader (2 IoCs)
Resource | YARA rule
behavioral2/memory/4360-130-0x00000000755A0000-0x00000000755A6000-memory.dmp | IcedidSecondLoader
behavioral2/memory/4360-131-0x00000000755A0000-0x00000000755D2000-memory.dmp | IcedidSecondLoader

Suspicious use of WriteProcessMemory (3 IoCs)
Description | PID | Process | Target process
PID 4300 wrote to memory of 4360 | 4300 | rundll32.exe | rundll32.exe
PID 4300 wrote to memory of 4360 | 4300 | rundll32.exe | rundll32.exe
PID 4300 wrote to memory of 4360 | 4300 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bccfc61a20ca41af1dda01f9032ca365da092ade00699fe119eb63810b57da9.dll,#1