Analysis
max time kernel
4294178s
max time network
122s
platform
windows7_x64
resource
win7-20220311-en
submitted
30-03-2022 15:52
Static task
static1
Behavioral task
behavioral1
Sample
minro.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
minro.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target
minro.exe
Size
124KB
MD5
ce1539475ce2370e67ff45868f1cb716
SHA1
e034a40c372166b03e9aa3c72cb48f078517c64c
SHA256
ca570a986de6c604f66b9a08774e38cc17b2b97563b73d7cb0898f2cc7f98b9a
SHA512
b2fc10cf7ccd7c24cfc7246ed6face81b1076d215f1464abce381d8237062961ccbf796897cd0012ca6af662f22de4220ad36183834161fe8be52aac281c5abf
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
1666752692
C2
ritionalvalueon.top
Signatures
IcedID First Stage Loader 1 IoCs
Processes:
resource | yara_rule
behavioral1/memory/1168-54-0x0000000000020000-0x000000000002B000-memory.dmp | IcedidFirstLoader
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1800 | 1168 | WerFault.exe | minro.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
minro.exe
description | pid | process | target process
PID 1168 wrote to memory of 1800 | 1168 | minro.exe | WerFault.exe
PID 1168 wrote to memory of 1800 | 1168 | minro.exe | WerFault.exe
PID 1168 wrote to memory of 1800 | 1168 | minro.exe | WerFault.exe