Analysis

max time kernel: 147s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 18-04-2022 13:32

Static task: static1
Behavioral task: behavioral1
Sample: 59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll
Resource: win7-20220414-en (windows7_x64), 0 signatures, 0 seconds
General

Target: 59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll
Size: 185KB
MD5: 6740fdbc5bc590227fa90d486e6b8724
SHA1: a7112baf410fb84e2816ea287a6efbf799457e8f
SHA256: 59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e
SHA512: 10fb057e27c129e68045e8d0288341ec477635f209019380c67c3454439d61cff8912885261a996179b100287b998f4242196e6eb45e6120ab20809dcb1557cd
Malware Config

Extracted
Family: icedid
C2:
  june85.cyou
  golddisco.top
Signatures

IcedID Second Stage Loader (2 IoCs)
Processes:
resource | yara_rule
behavioral2/memory/5080-131-0x00000000749A0000-0x00000000749A6000-memory.dmp | IcedidSecondLoader
behavioral2/memory/5080-132-0x00000000749A0000-0x00000000749DE000-memory.dmp | IcedidSecondLoader

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2988 wrote to memory of 5080 | 2988 | rundll32.exe | rundll32.exe
PID 2988 wrote to memory of 5080 | 2988 | rundll32.exe | rundll32.exe
PID 2988 wrote to memory of 5080 | 2988 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (child process)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\59831b3a9e2e80ef5e30210eedfba895fdda9901e6105a0e8a579c819e89e52e.dll,#1