Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 09/07/2022, 02:15
Static task: static1
Behavioral task: behavioral1
Sample: 7e461f90aa3742a7e3f1c2a2555abae2c2ba9ba5eb18c862b211683e7f832490.dll
Resource: win7-20220414-en
0 signatures
0 seconds
General
Target: 7e461f90aa3742a7e3f1c2a2555abae2c2ba9ba5eb18c862b211683e7f832490.dll
Size: 536KB
MD5: 586c92fa74418f59f691a74bb7df47d4
SHA1: 3a3aaf7ed35ebb69a54e6da577af641e2f3933e2
SHA256: 7e461f90aa3742a7e3f1c2a2555abae2c2ba9ba5eb18c862b211683e7f832490
SHA512: e1b8abdc482d1e5c4e308c49fd7953cb3bf2d511e8b05640bfb643063abe4bded066bea999ef2414e94e377b325e71a9ac71303d779086800fce541ce6b9993c
Malware Config
Extracted
Family: icedid
Campaign: 227378761
C2: blionarywesta.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoCs)
flow  pid  Process
2     384  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid  Process
384  rundll32.exe
384  rundll32.exe