Analysis
max time kernel: 91s
max time network: 116s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 28-06-2022 19:13
Static task: static1
Behavioral task: behavioral1
Sample: r7kom.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
General
Target: r7kom.dll
Size: 450KB
MD5: 3be46ad85ecaf1586a685b12a41bd488
SHA1: 0ed3ea1b5a3327bdb8371a084ba2b0d21c34c4e5
SHA256: cb7c0d26b206c26f48a3c38a03e184fd9c0aee83f47047c67daff5c754bdf928
SHA512: 12ebf549ce7790b121c71e138878b5f6b4f9b53c3c9c460e40fdf493a96c00987b1252d2f011c4e38b984f7a2cfccce1046e0c5f6b8b04855d86aa1de890fe74
Malware Config
Extracted
Family: icedid
Campaign: 3568430872
C2: alionavon.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoC)
Processes (flow / pid / process):
11 / 2200 / rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes (pid / process):
2200 / rundll32.exe
2200 / rundll32.exe