Analysis
-
max time kernel
35s -
max time network
39s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
06-07-2022 09:48
Static task
static1
Behavioral task
behavioral1
Sample
r7kom.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
r7kom.dll
-
Size
451KB
-
MD5
de66c052f3a648383d4f12d0edaf1658
-
SHA1
819ec6a0e733abbb94e0749cfad1547eee7c5109
-
SHA256
dea1ff9aa93653426473b13a0fbc088c3ad5849ec002a6a732d970cb6a01fa2d
-
SHA512
71bf324c3b036010bcf847b1d187c2c88abe372178d9deb31e149d461012309579d2f05674967d5043e6cc070ad8cd07dbe3d092d4b82de4056cda8f9be4eba3
Malware Config
Extracted
Family
icedid
Campaign
3568430872
C2
alionavon.com
Signatures
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
Processes:
rundll32.exeflow pid process 2 240 rundll32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exepid process 240 rundll32.exe 240 rundll32.exe