Analysis

Max time kernel: 149s
Max time network: 154s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 20-04-2022 09:42

Static task: static1
Behavioral task: behavioral1
  Sample: 034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll
  Resource: win7-20220414-en (windows7_x64)
  Result: 0 signatures, 0 seconds
General

Target: 034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll
Size: 185KB
MD5: e58ddf98177c97259920dce7c84a32cc
SHA1: a805db2a378e6f43456f7f1a5818aade13446a2c
SHA256: 034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a
SHA512: 9da3259c64fe875af06d3367194b9158d13e54ab4df027cda8c0ad9606a72629d7677acb711c69567e61f4bb0be20219082d6e172d4e1e01895db10629e23f17
Malware Config

Extracted
Family: icedid
C2:
  june85.cyou
  golddisco.top
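To turn the two extracted C2 domains into something that can run over resolver logs, here is an added example (not part of the sandbox report or its tooling) that matches queried names against them on label boundaries, so that a subdomain such as cdn.golddisco.top hits while notgolddisco.top does not. The log lines and their three-column format are constructed for illustration and are not from the analysed run.

```python
"""Match the C2 domains from the extracted IcedID config against DNS query
logs. Added example, not part of the sandbox report; the log lines below are
constructed for illustration and are not from the analysed run."""
from typing import Iterable, List, Optional, Set, Tuple

# Domains taken from the "Malware Config" section of the report.
ICEDID_C2: Set[str] = {"june85.cyou", "golddisco.top"}

# Constructed sample log lines (assumed format "<timestamp> <client> <qname>",
# loosely modelled on a resolver query log; not from the sandbox run).
SAMPLE_DNS_LOG = """\
2022-04-20T09:43:01Z 10.0.0.15 www.microsoft.com.
2022-04-20T09:43:02Z 10.0.0.15 JUNE85.CYOU.
2022-04-20T09:43:05Z 10.0.0.15 cdn.golddisco.top
2022-04-20T09:43:07Z 10.0.0.22 notgolddisco.top
2022-04-20T09:43:09Z 10.0.0.22 golddisco.top.evil.example
"""


def normalise(name: str) -> str:
    """Lower-case and strip the trailing dot that resolver logs often append."""
    return name.strip().rstrip(".").lower()


def matches_c2(qname: str, c2: Set[str] = ICEDID_C2) -> Optional[str]:
    """Return the C2 domain if qname is that domain or a subdomain of it.

    A plain substring test would also flag 'notgolddisco.top' and
    'golddisco.top.evil.example', so compare on label boundaries instead.
    """
    q = normalise(qname)
    for dom in c2:
        if q == dom or q.endswith("." + dom):
            return dom
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, matched_c2) for every line that hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or empty lines
        ts, client, qname = parts
        dom = matches_c2(qname)
        if dom:
            hits.append((ts, client, dom))
    return hits


if __name__ == "__main__":
    for ts, client, dom in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{ts} {client} queried {dom}")
```

Run against the constructed lines, only the JUNE85.CYOU. and cdn.golddisco.top queries are reported; the two look-alike names on the last lines are rejected because the comparison is anchored at a label boundary rather than done as a substring search.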
Signatures

IcedID Second Stage Loader (2 IoCs)
Processes:
  resource                                                                       yara_rule
  behavioral2/memory/5024-131-0x0000000075670000-0x0000000075676000-memory.dmp  IcedidSecondLoader
  behavioral2/memory/5024-132-0x0000000075670000-0x00000000756AE000-memory.dmp  IcedidSecondLoader

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 5000 wrote to memory of 5024   5000  rundll32.exe  rundll32.exe
  PID 5000 wrote to memory of 5024   5000  rundll32.exe  rundll32.exe
  PID 5000 wrote to memory of 5024   5000  rundll32.exe  rundll32.exe

Both YARA hits are memory dumps of PID 5024 from task behavioral2 (not the Windows 7 task behavioral1, which recorded 0 signatures). The two regions share the base 0x75670000; the first is 0x6000 bytes, the second is 0x3E000 bytes and contains the first. PID 5024 is also the target of all three WriteProcessMemory events from PID 5000, so the code the rule matched lives in the process the parent wrote into.
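The dump names above encode the task, the PID and the address range of the region that matched. Here is an added example (not vendor tooling) that parses that naming convention, computes region sizes, and cross-references the hit PIDs with the WriteProcessMemory events; the two data sets are copied from this section, and the function names and the 2 GiB address-space check are mine.

```python
"""Parse the YARA hit resources and WriteProcessMemory IoCs from the report
and correlate them. Added example, not tooling from the sandbox vendor; the
two data sets below are copied from the report's Signatures section."""
import re
from typing import Dict, List, NamedTuple, Set, Tuple

YARA_HITS: List[Tuple[str, str]] = [
    ("behavioral2/memory/5024-131-0x0000000075670000-0x0000000075676000-memory.dmp", "IcedidSecondLoader"),
    ("behavioral2/memory/5024-132-0x0000000075670000-0x00000000756AE000-memory.dmp", "IcedidSecondLoader"),
]

# (source pid, source image, target pid, target image), one row per IoC.
WPM_EVENTS: List[Tuple[int, str, int, str]] = [
    (5000, "rundll32.exe", 5024, "rundll32.exe"),
    (5000, "rundll32.exe", 5024, "rundll32.exe"),
    (5000, "rundll32.exe", 5024, "rundll32.exe"),
]

# Naming convention of the dump files as they appear in the report:
#   <task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


class Region(NamedTuple):
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str, rule: str) -> Region:
    """Turn one resource path plus its matching rule into a Region."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return Region(m["task"], int(m["pid"]), int(m["idx"]),
                  int(m["start"], 16), int(m["end"], 16), rule)


def regions_by_pid(hits: List[Tuple[str, str]]) -> Dict[int, List[Region]]:
    """Group the matched regions by the PID they were dumped from."""
    out: Dict[int, List[Region]] = {}
    for name, rule in hits:
        r = parse_dump_name(name, rule)
        out.setdefault(r.pid, []).append(r)
    return out


def correlate(hits: List[Tuple[str, str]],
              events: List[Tuple[int, str, int, str]]) -> Dict[int, Set[int]]:
    """Map each PID with a YARA hit to the PIDs that wrote into its memory."""
    result: Dict[int, Set[int]] = {pid: set() for pid in regions_by_pid(hits)}
    for src, _, dst, _ in events:
        if dst in result:
            result[dst].add(src)
    return result


def in_32bit_user_range(r: Region) -> bool:
    """True if the region lies entirely below 2 GiB. A 64-bit process can map
    memory there too, so treat this as consistent with a 32-bit (WoW64)
    process rather than proof of one."""
    return r.end <= 0x80000000


if __name__ == "__main__":
    for pid, regs in regions_by_pid(YARA_HITS).items():
        for r in regs:
            print(f"pid {pid} dump {r.index}: 0x{r.start:X}-0x{r.end:X} "
                  f"({r.size:#x} bytes) rule={r.rule}")
    print(correlate(YARA_HITS, WPM_EVENTS))
```

For this report the correlation collapses to a single entry, 5024 written to by 5000, and both regions sit below 2 GiB, which fits the SysWOW64 child in the process tree.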
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll,#1

The DLL is invoked through export ordinal #1 rather than a named entry point. The 64-bit rundll32.exe from system32 starts the 32-bit copy from SysWOW64 on the same DLL, which is how 64-bit rundll32 hands off a 32-bit DLL. The parent is the process the WriteProcessMemory signature attributes the cross-process writes to (PID 5000), and the child (PID 5024) is where the IcedidSecondLoader YARA rule fired.
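A detection for the pattern in this tree, as an added example rather than anything from the report: it parses rundll32 command lines (quoted or unquoted DLL path), flags a DLL called by ordinal from a user-writable directory, and flags the system32 to SysWOW64 rundll32 hand-off. The event records are constructed in the shape of process-creation telemetry (field names assumed); PIDs 5000 and 5024 are the ones from the WriteProcessMemory signature, while the parent PID, the explorer.exe parent and the benign shell32.dll event are made up for contrast.

```python
"""Flag rundll32 invocations like the ones in the process tree above. Added
example, not part of the report; the event records are constructed in the
shape of process-creation telemetry (field names assumed)."""
import re
from typing import Dict, List, Optional, Tuple

# Sample path exactly as it appears in the report's process tree.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll")

# Constructed events mirroring the tree. PIDs 5000 and 5024 are the ones the
# WriteProcessMemory signature reports; parent PID 4100 and the third (benign)
# event are made up.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"ProcessId": 5000, "ParentProcessId": 4100,
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"ProcessId": 5024, "ParentProcessId": 5000,
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "ParentImage": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"ProcessId": 6100, "ParentProcessId": 4100,
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL'},
]

# Directories an unprivileged user can write to (assumed list; extend as needed).
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Downloads|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)
# The host executable, quoted or bare, with or without .exe, followed by whitespace.
HOST_RE = re.compile(r'^\s*(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+', re.IGNORECASE)


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Split 'rundll32.exe <dll>,<entry> ...' into (dll_path, entry).

    The DLL path may be quoted because it can contain spaces; the entry is
    what follows the first comma after the path, up to the next whitespace.
    Returns None if the line is not a rundll32 invocation with an entry.
    """
    m = HOST_RE.match(cmdline)
    if not m:
        return None
    rest = cmdline[m.end():]
    if rest.startswith('"'):
        close = rest.find('"', 1)
        if close < 0:
            return None
        dll, rest = rest[1:close], rest[close + 1:]
    else:
        cut = re.search(r"[,\s]", rest)
        dll, rest = (rest[:cut.start()], rest[cut.start():]) if cut else (rest, "")
    if not rest.startswith(","):
        return None
    tail = rest[1:].split()
    return dll, (tail[0] if tail else "")


def suspicious_rundll32(ev: Dict[str, object]) -> List[str]:
    """Return the reasons an event matches the loader pattern (empty if none)."""
    reasons: List[str] = []
    parsed = parse_rundll32(str(ev["CommandLine"]))
    if not parsed:
        return reasons
    dll, entry = parsed
    if entry.startswith("#"):
        reasons.append(f"export called by ordinal {entry}")
    if USER_WRITABLE.search(dll):
        reasons.append("DLL loaded from a user-writable directory")
    parent = str(ev["ParentImage"]).lower()
    image = str(ev["Image"]).lower()
    if parent.endswith(r"\system32\rundll32.exe") and image.endswith(r"\syswow64\rundll32.exe"):
        reasons.append("64-bit rundll32 re-launched its SysWOW64 copy (32-bit DLL hand-off)")
    return reasons


def scan_events(events: List[Dict[str, object]]) -> Dict[int, List[str]]:
    """Map the PID of every suspicious event to its reasons."""
    hits: Dict[int, List[str]] = {}
    for ev in events:
        reasons = suspicious_rundll32(ev)
        if reasons:
            hits[int(ev["ProcessId"])] = reasons
    return hits


if __name__ == "__main__":
    for pid, reasons in scan_events(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

On the constructed events the parent (5000) is flagged for the ordinal call and the Temp path, the child (5024) for those two plus the SysWOW64 hand-off, and the shell32.dll control-panel invocation is left alone. Named exports and DLLs under C:\Windows are common in legitimate rundll32 use, so the ordinal and path conditions carry the signal here; the hand-off on its own only tells you the DLL is 32-bit.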