Analysis
- max time kernel: 90s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 05-07-2022 21:22
Static task: static1

Behavioral task: behavioral1
- Sample: documents.lnk
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: documents.lnk
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures, 0 seconds

Behavioral task: behavioral3
- Sample: o5p0se.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures, 0 seconds
General
- Target: o5p0se.dll
- Size: 673KB
- MD5: c59010fb2f9f2986c3830bc1e75e96f9
- SHA1: 475efec12172022b28e1020b9227f30f956b13a6
- SHA256: 352b7787103e0e735632fb70a89de041c3c4da7eb2194e5a5eafcc48f6096be4
- SHA512: 1deff83a4989ec4c1856c34ff686d8828cb7f82f7b0b5b28647bec4696b4ea6242edbc6348163a23316dfc4c2d23ac999fe8bacfd058fd6a0060ea6075eb49a4
Malware Config (extracted)
- Family: icedid
- Campaign: 1060798742
- C2: carismorth.com
Signatures
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request (1 IoC)
  Processes:
  flow  pid   process
  11    2416  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid   process
  2416  rundll32.exe
  2416  rundll32.exe