Analysis

max time kernel: 42s
max time network: 44s
platform: windows7_x64
resource: win7-20220331-en
submitted: 13-04-2022 22:45

Static task: static1
Behavioral task: behavioral1
Sample: spisok.exe
Resource: win7-20220331-en (windows7_x64)
0 signatures
0 seconds
General

Target: spisok.exe
Size: 2.1MB
MD5: c52150ad226963a07cfc144d9cea73c7
SHA1: 235912e865829ae7b9196fc4a1df4dfe8123dcfb
SHA256: ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8
SHA512: 43ae77c0e0c94e7b9525906dae115497c7dd49afabccd64d37b224e75931b09bff8dedf81a9cd3bf9454f75e4a67c4355f19dd8bcbe25b8b06eee32f2240a7cc
Score: 10/10
Malware Config (Extracted)

Family: icedid
Campaign: 2352744503
C2: rivertimad.com
Signatures

IcedID First Stage Loader (1 IoC)
Processes:
  resource: behavioral1/memory/1636-54-0x0000000140000000-0x000000014000B000-memory.dmp
  yara_rule: IcedidFirstLoader

Program crash (1 IoC)
Processes:
  pid: 484
  pid_target: 1636
  process: WerFault.exe
  target process: spisok.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description: PID 1636 wrote to memory of 484 | pid: 1636 | process: spisok.exe | target process: WerFault.exe
  description: PID 1636 wrote to memory of 484 | pid: 1636 | process: spisok.exe | target process: WerFault.exe
  description: PID 1636 wrote to memory of 484 | pid: 1636 | process: spisok.exe | target process: WerFault.exe