Analysis

Max time kernel: 150s
Max time network: 158s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 27-04-2022 14:08

Static task: static1
Behavioral task: behavioral1
  Sample: f783ff9ae1b860902ce8ce8e084234c7fdee3b231d7b35d90300be4610d7a016.dll
  Resource: win7-20220414-en (windows7_x64)
  0 signatures, 0 seconds
General

Target: f783ff9ae1b860902ce8ce8e084234c7fdee3b231d7b35d90300be4610d7a016.dll
Size: 460KB
MD5: ff96581bcf744d9ae4f9e428528a9ca6
SHA1: 74a17687ae18f4b353e6572eb6176f5038a73efe
SHA256: f783ff9ae1b860902ce8ce8e084234c7fdee3b231d7b35d90300be4610d7a016
SHA512: ef602cf0e37ab54c2f7b388b573e05cbfd93572a5501d2ba3630a7ee108cadb78631e91ba342df45eab9c9c7c5832a94ae22576bbd53d7136a28628fd72ca13a
Malware Config

Extracted
Family: icedid
C2:
  karimorodrigo.pw
  airtopolos.best
Signatures

IcedID Second Stage Loader (2 IoCs)
Resource | YARA rule
behavioral2/memory/5004-131-0x0000000075740000-0x0000000075746000-memory.dmp | IcedidSecondLoader
behavioral2/memory/5004-132-0x0000000075740000-0x00000000757B7000-memory.dmp | IcedidSecondLoader
Both hits are in PID 5004, the process that received the WriteProcessMemory calls below. The second region spans 0x77000 bytes (about 487KB), close to the 460KB sample size, so it is consistent with the DLL mapped as a module at 0x75740000; the first region is a 0x6000-byte slice of the same base. A 0x75xxxxxx base is a 32-bit address space, which fits the SysWOW64 rundll32.exe shown in the process tree.

Suspicious use of WriteProcessMemory (3 IoCs)
Description | PID | Process | Target PID | Target process
PID 3208 wrote to memory of 5004 | 3208 | rundll32.exe | 5004 | rundll32.exe
PID 3208 wrote to memory of 5004 | 3208 | rundll32.exe | 5004 | rundll32.exe
PID 3208 wrote to memory of 5004 | 3208 | rundll32.exe | 5004 | rundll32.exe
Caveat: the writer is the 64-bit rundll32.exe (C:\Windows\system32) and the target is the 32-bit rundll32.exe (C:\Windows\SysWOW64) it launched with the same command line. A 64-bit rundll32 given a 32-bit DLL hands it off to its SysWOW64 twin and writes into that child at start-up, so on its own this signature reflects the hand-off rather than a separate injection step. The IcedID loader match in PID 5004 is the finding that carries weight here.
Processes

C:\Windows\system32\rundll32.exe (PID 3208, per the WriteProcessMemory signature)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f783ff9ae1b860902ce8ce8e084234c7fdee3b231d7b35d90300be4610d7a016.dll,#1
  Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (PID 5004, target of the writes; source of the YARA memory hits)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f783ff9ae1b860902ce8ce8e084234c7fdee3b231d7b35d90300be4610d7a016.dll,#1

The DLL is invoked by export ordinal (#1) from the user's Temp directory; the 64-bit rundll32 re-launches the SysWOW64 copy with an identical command line to run the 32-bit DLL.
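The signature and process sections above can be turned into a small triage routine: flag the rundll32 command line (DLL in a user-writable path, export by ordinal), label the cross-process writes so the system32-to-SysWOW64 rundll32 hand-off is not scored as injection by itself, and pick out the memory dump whose size matches the sample, which is the one worth pulling into a disassembler first. This is an added example, not the sandbox's own code or the malware; the event records are constructed to mirror the report (PIDs, images, command lines and dump names) and the field names (pid, image, cmdline) are an assumed schema, not any vendor's format.

```python
"""Triage helpers for the rundll32 behaviour shown in the report above.

Added example; not the sandbox's own code. The event records below are
constructed to mirror the report, and the field names are an assumed schema.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\f783ff9ae1b860902ce8ce8e084234c7fdee3b231d7b35d90300be4610d7a016.dll")
SAMPLE_SIZE = 460 * 1024  # "460KB" from the General section (rounded by the report)


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


# Constructed process records; the parent of PID 3208 is not on the page and is left out.
PROCS = {
    3208: Proc(3208, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_PATH},#1"),
    5004: Proc(5004, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_PATH},#1"),
}
# Constructed cross-process write events as (writer pid, target pid); the report lists three.
WRITES = [(3208, 5004)] * 3
# Memory dump names exactly as the YARA section lists them.
DUMPS = [
    "behavioral2/memory/5004-131-0x0000000075740000-0x0000000075746000-memory.dmp",
    "behavioral2/memory/5004-132-0x0000000075740000-0x00000000757B7000-memory.dmp",
]

USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public|ProgramData)\\", re.I)
RUNDLL_ARGS = re.compile(
    r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll)\s*(?:,\s*(?P<export>\S+))?\s*$", re.I)
DUMP_NAME = re.compile(
    r"(?P<pid>\d+)-\d+-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp$", re.I)


def rundll32_reasons(cmdline: str) -> list[str]:
    """Reasons a rundll32 command line deserves a look; an empty list means none."""
    m = RUNDLL_ARGS.match(cmdline.strip())
    if not m:
        return []
    reasons = []
    if USER_WRITABLE.search(m["dll"]):
        reasons.append("dll loaded from user-writable path")
    if m["export"] and m["export"].startswith("#"):
        # Calling an export by ordinal is common in loaders and rare in admin use.
        reasons.append("export called by ordinal")
    return reasons


def classify_write(writer: Proc, target: Proc) -> str:
    """Label a WriteProcessMemory event between two processes.

    A 64-bit rundll32 handed a 32-bit DLL re-launches the SysWOW64 rundll32 with
    the same command line and writes into that child during start-up. That
    pattern gets its own label so it is not scored as injection on its own.
    """
    w, t = writer.image.lower(), target.image.lower()
    same_cmd = writer.cmdline.lower() == target.cmdline.lower()
    if w.endswith(r"\system32\rundll32.exe") and t.endswith(r"\syswow64\rundll32.exe") and same_cmd:
        return "wow64-relaunch"
    if w.endswith(r"\rundll32.exe") and t.endswith(r"\rundll32.exe"):
        return "rundll32-to-rundll32-write"
    return "cross-process-write"


def dump_region(name: str) -> tuple[int, int, int]:
    """Parse '<pid>-<n>-0x<start>-0x<end>-memory.dmp' into (pid, start, end)."""
    m = DUMP_NAME.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return int(m["pid"]), int(m["start"], 16), int(m["end"], 16)


def region_fits_sample(name: str, sample_size: int, tolerance: float = 0.15) -> bool:
    """Heuristic: a region about the size of the sample is likely the whole mapped
    module. SizeOfImage rounds sections up to page alignment, hence the slack."""
    _, start, end = dump_region(name)
    return abs((end - start) - sample_size) <= tolerance * sample_size


def triage() -> dict:
    """Run all checks over the constructed events and return the findings."""
    return {
        "cmdline_reasons": {pid: rundll32_reasons(p.cmdline) for pid, p in PROCS.items()},
        "write_labels": [classify_write(PROCS[w], PROCS[t]) for w, t in WRITES],
        "full_module_dumps": [d for d in DUMPS if region_fits_sample(d, SAMPLE_SIZE)],
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

On the report's data this labels all three writes as the WoW64 hand-off, flags both command lines for the Temp path and the ordinal export, and selects the 0x75740000-0x757B7000 dump as the one that covers the whole mapped DLL. The size match is a heuristic: a packed or overlay-heavy DLL can have a mapped size that differs from the file size by more than the tolerance, so treat a miss as "check manually", not "not the module".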