Analysis
-
max time kernel
47s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
29-06-2022 13:32
Static task
static1
Behavioral task
behavioral1
Sample
documents.lnk
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
documents.lnk
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
s4pesa.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
s4pesa.dll
-
Size
731KB
-
MD5
aee5edbcfafb2c7a64ae6fece8de9e97
-
SHA1
446dd83a84b7eb5aac762017396b0a7b8776b7a3
-
SHA256
3576cdf797b23022feb4ec7eb4ff7b87d3a79a04574e35893efce871b0a7c92c
-
SHA512
495320cc7a3ba699df1fd7e5f1df76d1a5debe1320246eb0e644d9692d7692d69aea9e3185cefbd9e54a68f2f9b4d0497f1a71a2b7d9aeb345369cc777859692
Malware Config
Extracted
Family
icedid
Campaign
3652318967
C2
yankyhoni.com
Signatures
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
Processes:
rundll32.exeflow pid process 2 1528 rundll32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exepid process 1528 rundll32.exe 1528 rundll32.exe