Analysis
- max time kernel: 91s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 05-07-2022 20:11
Static task: static1
Behavioral task: behavioral1
  Sample: 7287387845476394829823.dll
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 7287387845476394829823.dll
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: Case.pdf
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: Case.pdf
  Resource: win10v2004-20220414-en
Behavioral task: behavioral5
  Sample: Case.pdf.lnk
  Resource: win7-20220414-en
Behavioral task: behavioral6
  Sample: Case.pdf.lnk
  Resource: win10v2004-20220414-en
Behavioral task: behavioral7
  Sample: HDFcvLHBhKEQvBlli.ps1
  Resource: win7-20220414-en
General
- Target: 7287387845476394829823.dll
- Size: 675KB
- MD5: d9ca0b8b3d18b348148b81766f34971b
- SHA1: eaebf971a37f05268f73611d248c6b6047d8bb13
- SHA256: 3ff865046c458de3a317ecedaad6aa0e60d5d36f8fcc8bfa6d4cff42efa3c3ed
- SHA512: 941e5d5c2c06e57bb8a88643b140332c2fbc51c9d435825576b7ac02f929c5f6f235149e382a8dbaf12c8a39afbc03e3526cb582b43b026ced33e24e88d02551
Malware Config
Extracted: icedid
  1175749654
  hlansmagazine.com
Signatures
-
suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
  flow  pid   process
  10    3848  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: rundll32.exe
  pid   process
  3848  rundll32.exe
  3848  rundll32.exe