Analysis
-
max time kernel
300s -
max time network
260s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
13-04-2022 22:45
Static task
static1
Behavioral task
behavioral1
Sample
spisok.exe
Resource
win7-20220331-en
windows7_x64
0 signatures
0 seconds
General
-
Target
spisok.exe
-
Size
2.1MB
-
MD5
c52150ad226963a07cfc144d9cea73c7
-
SHA1
235912e865829ae7b9196fc4a1df4dfe8123dcfb
-
SHA256
ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8
-
SHA512
43ae77c0e0c94e7b9525906dae115497c7dd49afabccd64d37b224e75931b09bff8dedf81a9cd3bf9454f75e4a67c4355f19dd8bcbe25b8b06eee32f2240a7cc
Malware Config
Extracted
Family
icedid
Campaign
2352744503
C2
rivertimad.com
Signatures
-
suricata: ET MALWARE Win32/IcedID Request Cookie
-
IcedID First Stage Loader 1 IoCs
Processes:
resource yara_rule
behavioral2/memory/4564-130-0x0000000140000000-0x000000014000B000-memory.dmp IcedidFirstLoader
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
spisok.exe
pid process
4564 spisok.exe
Downloads
-
memory/4564-130-0x0000000140000000-0x000000014000B000-memory.dmp
Filesize
44KB