Analysis
max time kernel: 4294178s
max time network: 121s
platform: windows7_x64
resource: win7-20220311-en
submitted: 29-03-2022 20:58
Static task: static1

Behavioral task: behavioral1
Sample: bf5309d3536cb55f8a052ad35576866f.exe
Resource: win7-20220311-en
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: bf5309d3536cb55f8a052ad35576866f.exe
Resource: win10v2004-en-20220113
0 signatures, 0 seconds
General
Target: bf5309d3536cb55f8a052ad35576866f.exe
Size: 104KB
MD5: bf5309d3536cb55f8a052ad35576866f
SHA1: db0d76c50077280cc66b6d7c0084472575c235f8
SHA256: a1d05aa1324fdc04e7698fbc3a4f212013b2bf7d7531b317d0b76e832d97a841
SHA512: ff06f9b89ca1e886887e5866f90775c2e56701491215e99d933b786ec75758095c00dba22ec5daba5a7ed1bdb3fab415ddb5922715bd3da32e237dca50ada4c8
Score: 10/10
Malware Config (Extracted)
Family: icedid
Campaign: 1798566902
C2: rivertimad.com
Signatures

IcedID First Stage Loader (1 IoC)
  resource: behavioral1/memory/1808-54-0x0000000140000000-0x000000014000B000-memory.dmp
  yara_rule: IcedidFirstLoader

Program crash (1 IoC)
  pid: 1684 | pid_target: 1808 | process: WerFault.exe | target process: bf5309d3536cb55f8a052ad35576866f.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1808 wrote to memory of 1684 | pid: 1808 | process: bf5309d3536cb55f8a052ad35576866f.exe | target process: WerFault.exe
  description: PID 1808 wrote to memory of 1684 | pid: 1808 | process: bf5309d3536cb55f8a052ad35576866f.exe | target process: WerFault.exe
  description: PID 1808 wrote to memory of 1684 | pid: 1808 | process: bf5309d3536cb55f8a052ad35576866f.exe | target process: WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\bf5309d3536cb55f8a052ad35576866f.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bf5309d3536cb55f8a052ad35576866f.exe"
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\WerFault.exe (child of PID 1808)
    command line: C:\Windows\system32\WerFault.exe -u -p 1808 -s 32
    - Program crash