Analysis
Max time kernel: 72s
Max time network: 75s
Platform: windows10_x64
Resource: win10-20220414-en
Submitted: 29-06-2022 18:55

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: p3roms.dll
Resource: win7-20220414-en
Platform: windows7_x64
Signatures: 0
Run time: 0 seconds
General
Target: p3roms.dll
Size: 734KB
MD5: 84adaf9bc6b39ac9f588a2546b4cff84
SHA1: b7a1bf50279f3762a269a6725a37aba36dfcafcd
SHA256: 06aadc1b1beff569d05afc7e993e97351330e6e8719f5618ccce5760860d0816
SHA512: 4b72e74375df26c52ead4f7af1f364a39c1cdd4d4ed95676fa8193d2de00eaba0d79d93e83235e0df6ae17f69351a1517d4adf516429158a1a5cf071726849fa
Malware Config (extracted)
Family: icedid
Campaign: 3652318967
C2: yankyhoni.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request (1 IoC)
Processes:
flow  pid   process
2     4320  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid   process
4320  rundll32.exe
4320  rundll32.exe