Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 13-04-2022 17:19
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220331-en
Platform: windows7_x64
0 signatures
0 seconds
General
Target: tmp.exe
Size: 2.1MB
MD5: c52150ad226963a07cfc144d9cea73c7
SHA1: 235912e865829ae7b9196fc4a1df4dfe8123dcfb
SHA256: ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8
SHA512: 43ae77c0e0c94e7b9525906dae115497c7dd49afabccd64d37b224e75931b09bff8dedf81a9cd3bf9454f75e4a67c4355f19dd8bcbe25b8b06eee32f2240a7cc
Malware Config
Extracted
Family: icedid
Campaign: 2352744503
C2: rivertimad.com
Signatures
- suricata: ET MALWARE Win32/IcedID Request Cookie
- IcedID First Stage Loader (1 IoC)
  Processes:
  resource: behavioral2/memory/4560-130-0x0000000140000000-0x000000014000B000-memory.dmp
  yara_rule: IcedidFirstLoader
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes (pid / process), 64 identical entries:
  4560 tmp.exe
Downloads
- memory/4560-130-0x0000000140000000-0x000000014000B000-memory.dmp (filesize: 44KB)