Analysis
max time kernel: 90s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 08/07/2022, 17:06

Static task: static1
Behavioral task: behavioral1
Sample: f4031d6a432d5e572b68f4121b32f899.dll
Resource: win7-20220414-en
0 signatures
0 seconds
General
Target: f4031d6a432d5e572b68f4121b32f899.dll
Size: 534KB
MD5: f4031d6a432d5e572b68f4121b32f899
SHA1: 9f7e2ebc376f2c9040bf8c7620338dbd1efce8df
SHA256: 0fab6219869d559218307ff87b5dfb22fa8a7b6a3663a6319bba0bdb22b9e279
SHA512: a92be929bbbd66056316f12eefbe667db6ba286ce7ab8076bc5abc3de3a8978076ddc2ac4a5f865e1a54ea9d38bc64457ff911ae774ababd63a6e9930996e56c
Malware Config
Extracted
Family: icedid
Campaign: 227378761
C2: blionarywesta.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoCs)
flow  pid   Process
9     4236  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
4236  rundll32.exe
4236  rundll32.exe