Analysis
max time kernel: 4294179s
max time network: 130s
platform: windows7_x64
resource: win7-20220310-en
submitted: 31-03-2022 11:56
Static task: static1

Behavioral task: behavioral1
Sample: minro.exe
Resource: win7-20220310-en (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: minro.exe
Resource: win10v2004-en-20220113 (windows10-2004_x64)
0 signatures
0 seconds
General
Target: minro.exe
Size: 124KB
MD5: 46de3a8f04fcbed38a7d73bfc50f240a
SHA1: 24dff443e7051c0c15d79ca4d47c82dc38d20ad5
SHA256: e4e4e02e3e2dec5358eab422c2bad873d816569f03df68f8372e3d25a2f05a22
SHA512: 7c65bd8afd6aa3c1f9619b67c655897858d0988558faa13e7c21f6f0140bf075ab86b720196abdcfd39db328eb332d407fc3418b0c8a9dbdddf37ac1f81e3b22
Score: 10/10

Malware Config
Extracted
Family: icedid
Campaign: 1666752692
C2: ritionalvalueon.top
Signatures
IcedID First Stage Loader 1 IoCs
Processes:
resource | yara_rule
behavioral1/memory/784-54-0x0000000140000000-0x000000014000B000-memory.dmp | IcedidFirstLoader
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
948 | 784 | WerFault.exe | minro.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
minro.exe
description | pid | process | target process
PID 784 wrote to memory of 948 | 784 | minro.exe | WerFault.exe
PID 784 wrote to memory of 948 | 784 | minro.exe | WerFault.exe
PID 784 wrote to memory of 948 | 784 | minro.exe | WerFault.exe