Static task: static1
Behavioral task: behavioral1
Sample: 1976-62-0x0000000140000000-0x000000014000B000-memory.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: 1976-62-0x0000000140000000-0x000000014000B000-memory.exe
Resource: win10v2004-20220331-en
General
Target: 1976-62-0x0000000140000000-0x000000014000B000-memory.dmp
Size: 44KB
MD5: 87301a6b8ee2b53d44e6c1eaf8431e36
SHA1: c019266546a16d24e30fcdf02553f80bb201f5e2
SHA256: d52d132e54ab4c75bd34f9b8915a3a3728956b202565d5a08264e9aadff13bb9
SHA512: 352b828cc8c2f5c21b142dcf1fca0568df04d56a5c5c5e2288b33e310191e7cd4902079158d233f81cad6744989aeef96c298232bb3bbc103e36ef833137b257
SSDEEP: 384:aAybRgY6EAL4eIQsn1pM6+OJh5QX+zzanFN/1wLu0:XbIQsn1x+xuKnFN1wy
Malware Config
Extracted
icedid
2352744503
rivertimad.com
Signatures
Files
1976-62-0x0000000140000000-0x000000014000B000-memory.dmp.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.c Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 6B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 508B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.r Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.d Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE