Analysis

Max time kernel: 4294180s (value as reported; it is not a plausible run time and far exceeds the 131 s network window, so treat it as a reporting artifact)
Max time network: 131s
Platform: windows7_x64
Resource: win7-20220311-en
Submitted: 24-03-2022 19:22

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 893f1615c8e7470900225101a56bd29e4e5b8047f1fc707d51a13dfe9629b32e.dll
Resource: win7-20220311-en (windows7_x64)
0 signatures, 0 seconds
General

Target: 893f1615c8e7470900225101a56bd29e4e5b8047f1fc707d51a13dfe9629b32e.dll (the file is named after its own SHA256)
Size: 180KB
MD5: f4cd44721385fe004497dbb42fb2a237
SHA1: 66e7c0815f3ca18814040e932f35673963e94353
SHA256: 893f1615c8e7470900225101a56bd29e4e5b8047f1fc707d51a13dfe9629b32e
SHA512: 2fe1b2c27e3bcf4a65c8cbf345b65c7edc2821fa19f8012c1a4dad02986f27028193847926f09d916735505eb25becac60d1037fa154134a519b1a2bdf93f2fb
Malware Config

Extracted family: icedid
Signatures

IcedID First Stage Loader (1 IoC)
  Resource: behavioral1/memory/572-56-0x00000000755A0000-0x00000000755A9000-memory.dmp
  YARA rule: IcedidFirstLoader
  The rule matched a 0x9000-byte region (0x755A0000-0x755A9000) dumped from PID 572, the SysWOW64 rundll32.exe that is also the target of the WriteProcessMemory events below.

Suspicious use of WriteProcessMemory (7 IoCs)
  Description: PID 1180 (rundll32.exe) wrote to the memory of PID 572 (rundll32.exe); the sandbox logged seven identical events.
  All seven writes are from the parent rundll32.exe into the child it launched, which is consistent with process creation itself rather than with injection into an unrelated process; the YARA hit in PID 572's memory is the stronger indicator here.
Processes

1. C:\Windows\system32\rundll32.exe (PID 1180)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\893f1615c8e7470900225101a56bd29e4e5b8047f1fc707d51a13dfe9629b32e.dll,#1
   Flagged: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 572), child of PID 1180
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\893f1615c8e7470900225101a56bd29e4e5b8047f1fc707d51a13dfe9629b32e.dll,#1

The DLL is invoked by export ordinal (",#1") rather than by export name. The 64-bit rundll32.exe in System32 cannot load a 32-bit DLL, so it re-launches the 32-bit rundll32.exe from SysWOW64 with the same command line; the loader therefore actually runs in PID 572, which is where the IcedID YARA rule fires.
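The chain above (rundll32 loading a DLL by ordinal, the System32 instance re-spawning the SysWOW64 instance on the same DLL, and the parent writing into the child's memory) is something a detection engineer would want to match from process-creation telemetry. The following is an added example, not part of the sandbox report or of any vendor's detection content; the events are constructed from the PIDs and command lines the report shows, while the parent PID of the first rundll32 (1000) and the benign control event are assumptions.

```python
"""Detect the rundll32 ordinal-export -> SysWOW64 re-spawn chain from
process-creation records plus a list of cross-process memory writes.

Added example, not part of the sandbox report. Sample events are constructed
from the report's process tree; PPID 1000 and the benign event are assumed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (Sysmon event 1 style fields)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# "<path>.dll,#<n>": rundll32 called with an export ordinal rather than a name
ORDINAL_RE = re.compile(r"(?P<dll>\S+\.dll)\s*,\s*#(?P<ordinal>\d+)\b", re.IGNORECASE)


def rundll32_ordinal_call(ev: ProcEvent):
    """Return (dll_path, ordinal) when ev is rundll32 loading a DLL by ordinal, else None."""
    if not ev.image.lower().endswith("\\rundll32.exe"):
        return None
    m = ORDINAL_RE.search(ev.cmdline)
    if m is None:
        return None
    return m.group("dll"), int(m.group("ordinal"))


def is_wow64_respawn(child: ProcEvent, parent: ProcEvent) -> bool:
    """True when the System32 rundll32 spawned the SysWOW64 rundll32 on the same DLL."""
    if child.image.lower() != r"c:\windows\syswow64\rundll32.exe":
        return False
    if parent.image.lower() != r"c:\windows\system32\rundll32.exe":
        return False
    c, p = rundll32_ordinal_call(child), rundll32_ordinal_call(parent)
    return c is not None and p is not None and c[0].lower() == p[0].lower()


def find_chains(events, mem_writes):
    """Return one record per parent->child rundll32 re-spawn found in events.

    mem_writes is an iterable of (writer_pid, target_pid) pairs, e.g. the
    sandbox's WriteProcessMemory log; each record notes whether the parent
    wrote into the child it spawned.
    """
    by_pid = {e.pid: e for e in events}
    writes = set(mem_writes)
    hits = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if parent is None or not is_wow64_respawn(ev, parent):
            continue
        dll, ordinal = rundll32_ordinal_call(ev)
        hits.append({
            "parent_pid": parent.pid,
            "child_pid": ev.pid,
            "dll": dll,
            "ordinal": ordinal,
            "parent_wrote_child_memory": (parent.pid, ev.pid) in writes,
        })
    return hits


# Constructed sample input mirroring the report's process tree.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\893f1615c8e7470900225101a56bd29e4e5b8047f1fc707d51a13dfe9629b32e.dll")
SAMPLE_EVENTS = [
    # PPID 1000 is an assumption; the report does not show rundll32's parent.
    ProcEvent(1180, 1000, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(572, 1180, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    # Benign control (assumed): a named export and no WoW64 re-spawn.
    ProcEvent(2000, 1000, r"C:\Windows\system32\rundll32.exe",
              "rundll32.exe shell32.dll,Control_RunDLL"),
]
# The report lists seven identical 1180 -> 572 WriteProcessMemory events.
SAMPLE_WRITES = [(1180, 572)] * 7

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_EVENTS, SAMPLE_WRITES):
        print(hit)
```

Matching on the ordinal form alone is noisy, since legitimate installers also use ",#n"; pairing it with the System32-to-SysWOW64 re-spawn on the same DLL and a user-writable DLL path (here %LOCALAPPDATA%\Temp) narrows it to the pattern this report shows.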