Analysis
  max time kernel: 145s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20220414-en
  submitted: 09/07/2022, 02:24

  Static task: static1
  Behavioral task: behavioral1
    Sample: b8f99c35c5afe185d918a01b4d0114409615d867eef96a2dac297b1c5453d8e3.dll
    Resource: win7-20220414-en
    0 signatures, 0 seconds
General
  Target: b8f99c35c5afe185d918a01b4d0114409615d867eef96a2dac297b1c5453d8e3.dll
  Size: 536KB
  MD5: ec0baedf6fb813e9d14cc156f72fd8a8
  SHA1: 30e26572595a5e33821a8f8799e807653fc28f53
  SHA256: b8f99c35c5afe185d918a01b4d0114409615d867eef96a2dac297b1c5453d8e3
  SHA512: 1ad2f24643905b9c97ea2f5394ff614a325bbf247f100a1be5b3745745a6450a5df5fe862e9c65449aa985a04b1855330df4d2804f83c76abf244fa76e2fca63
Malware Config
  Extracted
    Family: icedid
    Campaign: 227378761
    C2: blionarywesta.com
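The General and Malware Config fields above are what an analyst carries forward from a report like this: file digests to hunt for, and the extracted C2 domain and campaign ID to block and to pivot on. The Python below is an added example, not part of the sandbox report or its tooling. It parses those fields (rewritten here as constructed "Key: value" lines in a REPORT_TEXT constant; that layout and every function name are the example's own), checks that the sample name really is its SHA256 before anyone trusts the filename, validates that each digest is well-formed hex so a truncated copy never reaches a blocklist, recomputes digests for a local copy of the file, and emits a defanged IoC list.

```python
import hashlib
import re

# Constructed for this example: the report's General and Malware Config
# fields written as "Key: value" lines. This is not a sandbox export format.
REPORT_TEXT = """\
Target: b8f99c35c5afe185d918a01b4d0114409615d867eef96a2dac297b1c5453d8e3.dll
Size: 536KB
MD5: ec0baedf6fb813e9d14cc156f72fd8a8
SHA1: 30e26572595a5e33821a8f8799e807653fc28f53
SHA256: b8f99c35c5afe185d918a01b4d0114409615d867eef96a2dac297b1c5453d8e3
SHA512: 1ad2f24643905b9c97ea2f5394ff614a325bbf247f100a1be5b3745745a6450a5df5fe862e9c65449aa985a04b1855330df4d2804f83c76abf244fa76e2fca63
Family: icedid
Campaign: 227378761
C2: blionarywesta.com
"""

# Expected hex length of each digest field (hex chars, not bytes).
HEX_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Turn 'Key: value' lines into a dict; keys keep the report's spelling."""
    report = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        report[key.strip()] = value.strip()
    return report


def well_formed_digests(report):
    """Names of digest fields that are not hex of the expected length.

    A truncated or mangled hash silently matches nothing, so refuse to
    use a report whose digests fail this check.
    """
    bad = []
    for key, length in HEX_LENGTHS.items():
        value = report.get(key, "")
        if value and not re.fullmatch(f"[0-9a-fA-F]{{{length}}}", value):
            bad.append(key)
    return bad


def filename_matches_sha256(report):
    """Sandboxes commonly name the sample after its SHA256; confirm it here."""
    stem = report["Target"].rsplit(".", 1)[0]
    return stem.lower() == report["SHA256"].lower()


def digests(data):
    """Recompute every digest the report carries for a local file's bytes."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data, report):
    """Per-algorithm comparison of a local file against the reported digests."""
    have = digests(data)
    return {k: have[k] == report[k].lower() for k in HEX_LENGTHS if k in report}


def defang(value):
    """Make a domain safe to paste into tickets and chat without auto-linking."""
    return value.replace(".", "[.]")


def iocs(report):
    """Flat (type, value) list for a blocklist or a ticket; the domain is defanged."""
    out = [(k.lower(), report[k].lower()) for k in HEX_LENGTHS if k in report]
    if "C2" in report:
        out.append(("domain", defang(report["C2"])))
    if "Campaign" in report:
        out.append(("icedid_campaign", report["Campaign"]))
    return out


if __name__ == "__main__":
    r = parse_report(REPORT_TEXT)
    print("bad digests:", well_formed_digests(r))
    print("filename is SHA256:", filename_matches_sha256(r))
    for kind, value in iocs(r):
        print(f"{kind}: {value}")
```

verify_sample is the step to run against the actual file before acting on the report; with the bytes of anything other than this sample every entry comes back False, which is the point of checking all four digests rather than trusting the filename.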
Signatures
  suricata: ET MALWARE Win32/IcedID Request Cookie
  Blocklisted process makes network request (1 IoC)
    flow 10, pid 3548, process rundll32.exe
  Suspicious behavior: EnumeratesProcesses (2 IoCs)
    pid 3548, process rundll32.exe
    pid 3548, process rundll32.exe
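Both behavioral signatures point at the same process, pid 3548 rundll32.exe, which is how the sandbox launches a DLL sample. The rule worth carrying into your own telemetry is the first one: rundll32.exe has little reason to originate network traffic, so a network request from it is suspicious on its own, and a request to the extracted C2 domain is conclusive. As an added example (not the sandbox's own detection code), the Python below runs that logic over constructed Sysmon-style process and network events. The event field names, the svchost.exe process, the benign destination and the blocklist of binaries are assumptions; only pid 3548, rundll32.exe, flow 10 and blionarywesta.com come from the report.

```python
# Constructed Sysmon-style events for this example. The report only states
# that pid 3548 (rundll32.exe) made a network request on flow 10; the svchost
# process, the benign destination and the field names are assumptions.
EVENTS = [
    {"type": "process_create", "pid": 3548, "image": r"C:\Windows\System32\rundll32.exe"},
    {"type": "process_create", "pid": 1120, "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "network_connect", "pid": 1120, "flow": 3, "dst": "update.example.com"},
    {"type": "network_connect", "pid": 3548, "flow": 10, "dst": "blionarywesta.com"},
]

# Binaries that are routinely used to load or launch payloads and rarely need
# to originate network traffic themselves (assumed list for the example).
BLOCKLISTED = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def process_names(events):
    """Map pid -> lowercase image file name, from process_create events."""
    return {
        e["pid"]: e["image"].rsplit("\\", 1)[-1].lower()
        for e in events
        if e["type"] == "process_create"
    }


def detect(events, c2_domains):
    """Return (rule, pid, process, dst) tuples for suspicious network flows.

    Two independent rules, mirroring the report: a blocklisted process making
    any network request, and any process reaching an extracted C2 domain.
    A single flow can trigger both, as flow 10 does here.
    """
    names = process_names(events)
    c2 = {d.lower() for d in c2_domains}
    alerts = []
    for e in events:
        if e["type"] != "network_connect":
            continue
        proc = names.get(e["pid"], "<unknown>")
        if proc in BLOCKLISTED:
            alerts.append(("blocklisted_process_network", e["pid"], proc, e["dst"]))
        if e["dst"].lower() in c2:
            alerts.append(("known_c2", e["pid"], proc, e["dst"]))
    return alerts


if __name__ == "__main__":
    for rule, pid, proc, dst in detect(EVENTS, {"blionarywesta.com"}):
        print(f"{rule}: pid {pid} {proc} -> {dst}")
```

The C2 set is passed in rather than hard-coded so the same function can take the domain straight out of the extracted config; the blocklist rule keeps firing even after the actors rotate domains, which is why the sandbox reports it separately.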