Resubmissions
10-04-2022 01:27  220410-bvcftafdg7  3
10-04-2022 01:26  220410-btybwsccap  10
22-03-2022 15:08  220322-shwscscegp  10

Analysis
max time kernel: 1765s
max time network: 1620s
platform: windows7_x64
resource: win7-20220331-en
submitted: 10-04-2022 01:26
Static task: static1

Behavioral task: behavioral1
  Sample: dar.dll
  Resource: win7-20220311-en

Behavioral task: behavioral2
  Sample: dar.dll
  Resource: win10v2004-20220331-en

Behavioral task: behavioral3
  Sample: document.lnk
  Resource: win7-20220331-en

Behavioral task: behavioral4
  Sample: document.lnk
  Resource: win10v2004-20220331-en
General
Target: document.lnk
Size: 1KB
MD5: adf0907a6114c2b55349c08251efdf50
SHA1: aa25ae2f9dbe514169f4526ef4a61c1feeb1386a
SHA256: 3bb2f8c2d2d1c8da2a2051bd9621099689c5cd0a6b12aa8cb5739759e843e5e6
SHA512: 12d8f47079c712c0fd231ddb5dd7669e1345a3c1f531732b5ecb35895c98acbfb7a5fa49ca63e71084378355646baaa7bf8b3e10edaddf71d58a7ccde9c7f896
Malware Config
Extracted: icedid
3529509686
oceriesfornot.top
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  1000  rundll32.exe
  1000  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      pid   process   target process
  PID 1784 wrote to memory of 1000 1784  cmd.exe   rundll32.exe
  PID 1784 wrote to memory of 1000 1784  cmd.exe   rundll32.exe
  PID 1784 wrote to memory of 1000 1784  cmd.exe   rundll32.exe