Analysis
-
max time kernel
153s -
max time network
168s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 22:46
Static task
static1
Behavioral task
behavioral1
Sample
48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6.dll
Resource
win7-20220414-en
General
-
Target
48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6.dll
-
Size
186KB
-
MD5
70c7108b898eb8b6c058a7c8c2994f96
-
SHA1
1ecc6f1a3f069588c2b25bf130587a0e67bf0997
-
SHA256
48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6
-
SHA512
a52afc3fc1bdb105ba8667bd277bb4a61f942ac9cf8fd14d128cbd971124491cac7b7066fbafac5ad7b8a090264c817842b4ff97bfadb411cf1b9ae629487ab2
Malware Config
Extracted
| Family |
icedid |
| C2 |
vernerfonbraun.pw |
Signatures
-
IcedID First Stage Loader ⋅ 2 IoCs
Processes:
resource yara_rule behavioral2/memory/1980-131-0x00000000750F0000-0x00000000750F6000-memory.dmp IcedidFirstLoader behavioral2/memory/1980-132-0x00000000750F0000-0x0000000075137000-memory.dmp IcedidFirstLoader -
Blocklisted process makes network request ⋅ 4 IoCs
Processes:
rundll32.exeflow pid process 53 1980 rundll32.exe 65 1980 rundll32.exe 74 1980 rundll32.exe 85 1980 rundll32.exe -
Suspicious use of WriteProcessMemory ⋅ 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4652 wrote to memory of 1980 4652 rundll32.exe rundll32.exe PID 4652 wrote to memory of 1980 4652 rundll32.exe rundll32.exe PID 4652 wrote to memory of 1980 4652 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exePID:4652rundll32.exe C:\Users\Admin\AppData\Local\Temp\48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6.dll,#1Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exePID:1980rundll32.exe C:\Users\Admin\AppData\Local\Temp\48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6.dll,#1Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation