Analysis
max time kernel: 38s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 30-06-2022 08:46
Static task: static1

Behavioral task: behavioral1
Sample: p3roms/documents.lnk
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: p3roms/documents.lnk
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds

Behavioral task: behavioral3
Sample: p3roms/p3roms.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
General
Target: p3roms/p3roms.dll
Size: 731KB
MD5: e8496b7b90c403771de47a16543aa078
SHA1: 446e949646284181d54f30a13c1e2a72168baa2e
SHA256: e2e4c0ea5a3d6e3e4b99a8f7b46085b73e9f78779fa82b4a1b041d67e4be7173
SHA512: c23008ebad2faf2770396d079d564966e4aea3cbf6ba17b3493390af877b37495a7538f1464ac75a0034314867b8d960881267368b57923d97a0bc299d40b28b
Malware Config
Extracted
Family: icedid
Campaign: 3652318967
C2: yankyhoni.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoC)
Processes:
flow  pid   process
2     1240  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid   process
1240  rundll32.exe
1240  rundll32.exe