Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220331-en -
submitted
11-04-2022 13:09
Static task
static1
Behavioral task
behavioral1
Sample
7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
Resource
win7-20220331-en
windows7_x64
0 signatures
0 seconds
General
-
Target
7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
-
Size
1.1MB
-
MD5
6dc83f59165bb7ef47fa4028cf3f6654
-
SHA1
0629137b72eeb02e7cc74043bda5874696bba386
-
SHA256
7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a
-
SHA512
40a897766f42395a2bfe7be6f4d282f38ef67b94183f9625b6241d811a17b13a1349cef7a28972138ac28bc103d3cb956316eb820462ad6710b038f0f6b1701a
Malware Config
Extracted
Family
icedid
Campaign
468039940
C2
arelyevennot.top
Signatures
-
IcedID First Stage Loader 1 IoCs
Processes:
resource yara_rule
behavioral2/memory/4812-124-0x0000022DE8DB0000-0x0000022DE8DBB000-memory.dmp IcedidFirstLoader
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
pid process
4812 7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
4812 7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
pid process
4812 7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe
"C:\Users\Admin\AppData\Local\Temp\7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4812-124-0x0000022DE8DB0000-0x0000022DE8DBB000-memory.dmp
Filesize
44KB