Analysis
Max time kernel: 147s
Max time network: 151s
Platform: windows10-2004_x64
Resource: win10v2004-en-20220113
Submitted: 14-04-2022 14:27
Static task: static1
Behavioral task: behavioral1
Sample: 47eccb3bfd568130bdc9833be94ba9e4d101a73fa6782efdc83662297d1e6de8.dll
Resource: win7-20220311-en (windows7_x64)
0 signatures, 0 seconds
General
Target: 47eccb3bfd568130bdc9833be94ba9e4d101a73fa6782efdc83662297d1e6de8.dll
Size: 120KB
MD5: ef2fc6976cede1a029e2a8a0de3372de
SHA1: 7ed2914017b73ff0590da88a01dc909ee094dad8
SHA256: 47eccb3bfd568130bdc9833be94ba9e4d101a73fa6782efdc83662297d1e6de8
SHA512: 774eccb2e3cd2dadce826ce2f4c32f38c06979cfc48c014f2d575ef8be28b038f5d665ca2c8025a9dec674125641d2ed309d0a05f8f3bae587cee4cb8ab7fab8
Malware Config
Extracted
Family: icedid
C2:
  lookatnice.top
  littyfahren.club
Signatures

IcedID Second Stage Loader (2 IoCs)
Processes:
  resource                                                                          yara_rule
  behavioral2/memory/4200-131-0x00000000755B0000-0x00000000755B6000-memory.dmp     IcedidSecondLoader
  behavioral2/memory/4200-132-0x00000000755B0000-0x00000000755DA000-memory.dmp     IcedidSecondLoader

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                          pid    process        target process
  PID 1416 wrote to memory of 4200     1416   rundll32.exe   rundll32.exe
  PID 1416 wrote to memory of 4200     1416   rundll32.exe   rundll32.exe
  PID 1416 wrote to memory of 4200     1416   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47eccb3bfd568130bdc9833be94ba9e4d101a73fa6782efdc83662297d1e6de8.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\47eccb3bfd568130bdc9833be94ba9e4d101a73fa6782efdc83662297d1e6de8.dll,#1