Analysis
- max time kernel: 151s
- max time network: 153s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 17-04-2022 07:05

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: 68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff.dll
- Size: 632KB
- MD5: 9760913fb7948f2983831d71a533a650
- SHA1: af5eaf010e47eb1c4b073f31aa725df0e5547a25
- SHA256: 68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff
- SHA512: 0c2b846b0836fa8a3669f736fa3db69fb04491dba67cb798556b290a97915b6d149b58a0b6cc96be9bbed3d0686da048f7f071ad3cf6fec3ea70c70ad0ba964a
Malware Config (Extracted)
- Family: icedid
- C2:
  - june85.cyou
  - golddisco.top
Signatures

- IcedID Second Stage Loader (2 IoCs)
  Processes:
  resource                                                                      yara_rule
  behavioral1/memory/1776-56-0x0000000074200000-0x00000000747AE000-memory.dmp   IcedidSecondLoader
  behavioral1/memory/1776-57-0x0000000074200000-0x0000000074206000-memory.dmp   IcedidSecondLoader

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                          pid    process        target process
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
  PID 1732 wrote to memory of 1776     1732   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1776-54-0x0000000000000000-mapping.dmp
- memory/1776-55-0x00000000754A1000-0x00000000754A3000-memory.dmp (Filesize: 8KB)
- memory/1776-56-0x0000000074200000-0x00000000747AE000-memory.dmp (Filesize: 5.7MB)
- memory/1776-57-0x0000000074200000-0x0000000074206000-memory.dmp (Filesize: 24KB)