Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220414-en
submitted: 06-07-2022 16:50
Static task: static1

Behavioral task: behavioral1
  Sample: h1mor3/documents.lnk
  Resource: win7-20220414-en (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: h1mor3/documents.lnk
  Resource: win10v2004-20220414-en (windows10-2004_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral3
  Sample: h1mor3/h1mor3.dll
  Resource: win7-20220414-en (windows7_x64)
  0 signatures, 0 seconds
General
Target: h1mor3/h1mor3.dll
Size: 815KB
MD5: 31b27506a6ece8dd09db6013e2ef2148
SHA1: e61221453335166db950f31a502820365ffd1dfa
SHA256: c1dbcc795995afe6927bf569863826844fb445de17e8e2fc1fea7531da7b2952
SHA512: 10c81ebef645127b6e191f9798dddddf096ee7c666f5b8bb420924602a534eae5cddbedf34a245950cf3e074bbde2b3d3a8c0d5ac56a49b26fed72b1246e2d3f
Malware Config (extracted)
Family: icedid
Campaign: 4105767744
C2: frodupshopping.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request (1 IoC)
  Process: rundll32.exe (flow 2, pid 1972)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Process: rundll32.exe (pid 1972), two entries
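The indicators above (the file hashes, the extracted C2 domain, and rundll32.exe making an outbound connection) are what a responder would sweep for across endpoint and network telemetry. The script below is an added example, not part of the sandbox report: it matches those indicators against a constructed, hypothetical key=value log format (the `dns`, `http`, `file` and `netconn` record types and their field names are assumptions for the example, not any real product's schema). It normalises case and trailing dots on hostnames, matches subdomains of the C2 but not look-alike names, and lowercases hashes before comparison.

```python
"""IoC sweep for the indicators in this report.

Log lines are constructed for the example; the record layout
("<source> key=value ...") is an assumption, not a real sensor format.
"""
import re

# Indicators taken from the report above.
IOCS = {
    "md5": {"31b27506a6ece8dd09db6013e2ef2148"},
    "sha1": {"e61221453335166db950f31a502820365ffd1dfa"},
    "sha256": {"c1dbcc795995afe6927bf569863826844fb445de17e8e2fc1fea7531da7b2952"},
    "domains": {"frodupshopping.com"},
}

# key=value pairs; quoted values may contain spaces (Windows paths).
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Split a record into its source type and a dict of fields."""
    source, _, rest = line.partition(" ")
    fields = {}
    for m in KV_RE.finditer(rest):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return source, fields


def domain_matches(host):
    """True for the C2 domain itself or any subdomain of it, case-insensitive.
    A trailing dot (FQDN form from DNS logs) is tolerated; look-alikes such as
    notfrodupshopping.com do not match."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in IOCS["domains"])


def hash_matches(fields):
    """Return the hash algorithms whose value in this record is a known IoC."""
    hits = []
    for algo in ("md5", "sha1", "sha256"):
        if fields.get(algo, "").lower() in IOCS[algo]:
            hits.append(algo)
    return hits


def scan(lines):
    """Yield (finding_type, detail) tuples for every record that hits an IoC
    or shows rundll32.exe opening a network connection."""
    findings = []
    for line in lines:
        source, f = parse_line(line)
        if source == "dns" and domain_matches(f.get("query", "")):
            findings.append(("c2_dns", f["query"]))
        elif source == "http" and domain_matches(f.get("host", "")):
            findings.append(("c2_http", f["host"]))
        elif source == "file":
            for algo in hash_matches(f):
                findings.append((f"hash_{algo}", f.get("path", "")))
        elif source == "netconn" and f.get("image", "").lower().endswith("rundll32.exe"):
            findings.append(("rundll32_netconn", f"{f.get('pid')}->{f.get('dst')}"))
    return findings


# Constructed sample telemetry (not from the sandbox run).
SAMPLE_LOG = [
    "dns query=frodupshopping.com pid=1972",
    "dns query=cdn.frodupshopping.com. pid=1972",          # subdomain, FQDN form
    "dns query=notfrodupshopping.com pid=4242",            # look-alike, must not match
    "http host=FRODUPSHOPPING.COM method=GET uri=/",
    r'file path="C:\Users\victim\h1mor3\h1mor3.dll" '
    "sha256=C1DBCC795995AFE6927BF569863826844FB445DE17E8E2FC1FEA7531DA7B2952",
    r'netconn image="C:\Windows\System32\rundll32.exe" pid=1972 dst=203.0.113.10:443',
    r'netconn image="C:\Program Files\Browser\browser.exe" pid=900 dst=203.0.113.11:443',
]

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

The hash and domain matches are high-confidence; the `rundll32_netconn` rule is only a heuristic that mirrors the "Blocklisted process makes network request" signature and will fire on legitimate rundll32.exe activity too, so treat it as a pivot point (which DLL and export did that pid load?) rather than an alert on its own.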