Analysis
Max time kernel: 150s
Max time network: 155s
Platform: windows7_x64
Resource: win7-20220414-en
Submitted: 20-04-2022 09:42
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: a807b336b35997f55cf967d40e42d0b9112a09293a92b3b344859cf40541cc60.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures, 0 seconds
General
Target: a807b336b35997f55cf967d40e42d0b9112a09293a92b3b344859cf40541cc60.dll
Size: 185KB
MD5: 6fec1905fbc51997dbc335fe5a9d1ac7
SHA1: d057669cdadecf5d44ef23bc7301dad0a48d73fe
SHA256: a807b336b35997f55cf967d40e42d0b9112a09293a92b3b344859cf40541cc60
SHA512: 5b0a1d6af25b6a7bdf7a43dfb1b9af19c8f7e7deafa8209a2dc2e491484e3823f60bdb66225ae1e6da0d0f266e324273d75f73c29bc0d6221242ceeddcbe0bcd
Malware Config (Extracted)
Family: icedid
C2:
- june85.cyou
- golddisco.top
Signatures
- IcedID Second Stage Loader (2 IoCs)
  Processes (resource / yara_rule):
  - behavioral1/memory/1996-56-0x0000000074CE0000-0x0000000074CE6000-memory.dmp: IcedidSecondLoader
  - behavioral1/memory/1996-57-0x0000000074CE0000-0x0000000074D1E000-memory.dmp: IcedidSecondLoader
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (description / pid / process / target process):
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
  - PID 1240 wrote to memory of 1996 / 1240 / rundll32.exe / rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a807b336b35997f55cf967d40e42d0b9112a09293a92b3b344859cf40541cc60.dll,#1
   - Suspicious use of WriteProcessMemory
   2. (child) C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a807b336b35997f55cf967d40e42d0b9112a09293a92b3b344859cf40541cc60.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1996-54-0x0000000000000000-mapping.dmp
- memory/1996-55-0x00000000753E1000-0x00000000753E3000-memory.dmp (Filesize: 8KB)
- memory/1996-56-0x0000000074CE0000-0x0000000074CE6000-memory.dmp (Filesize: 24KB)
- memory/1996-57-0x0000000074CE0000-0x0000000074D1E000-memory.dmp (Filesize: 248KB)