Analysis

Max time kernel: 91s
Max time network: 152s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 09/07/2022, 03:23

Static task: static1
Behavioral task: behavioral1
  Sample: 929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff.dll
  Resource: win7-20220414-en
0 signatures, 0 seconds
General

Target: 929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff.dll
Size: 534KB
MD5: d05b1e033590181e8101e326c01570fc
SHA1: e991f6840ad43f2deb06a4c04e4412f34a5c5eab
SHA256: 929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff
SHA512: 63c27e2d3209816cd3b3e117ae6ffffa8b5fb199d1d59bb7c824d16aa6981ccdfc5415b4484fd0fd83a4bfc2b47dac2604f073462b4c055adcf7b1a013b5d775
Malware Config

Extracted
Family: icedid
Campaign: 227378761
C2: blionarywesta.com
Signatures

suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoC)
  flow 11, pid 3724, rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3724, rundll32.exe
  pid 3724, rundll32.exe
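The report gives three IOCs worth hunting on together: the sample's SHA256, the extracted C2 domain, and the fact that the beaconing process was rundll32.exe. The script below is an added example, not part of the sandbox report or of any vendor tooling: it correlates those IOCs per process over Sysmon-style ImageLoad (7), NetworkConnect (3) and DnsQuery (22) events, so that a host which loaded the DLL and resolved or connected to the C2 stands out from one that only did one of the two. The event records are constructed for the example (field names follow Sysmon's, the values are made up; only the hash and domain come from the report), and the Suricata rule body is not on the page, so network matching here is by C2 host only, not by the cookie pattern the ET signature inspects.

```python
"""Correlate the report's IOCs over Sysmon-style events (added example)."""
from collections import defaultdict

# IOCs taken from the report above.
SAMPLE_SHA256 = "929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff"
C2_DOMAINS = {"blionarywesta.com"}

# Constructed events, not real telemetry. EventID 7 = ImageLoad, 22 = DnsQuery,
# 3 = NetworkConnect; field names follow Sysmon, paths and pids are invented.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 3724, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Users\user\Downloads\929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff.dll",
     "Hashes": "SHA256=929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff,"
               "MD5=d05b1e033590181e8101e326c01570fc"},
    {"EventID": 22, "ProcessId": 3724, "Image": r"C:\Windows\System32\rundll32.exe",
     "QueryName": "blionarywesta.com"},
    {"EventID": 3, "ProcessId": 3724, "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationHostname": "blionarywesta.com", "DestinationPort": 443},
    # Benign noise: rundll32 loading a system DLL, a browser resolving an unrelated name.
    {"EventID": 7, "ProcessId": 5120, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll",
     "Hashes": "SHA256=" + "00" * 32},
    {"EventID": 22, "ProcessId": 6012, "Image": r"C:\Program Files\Chrome\chrome.exe",
     "QueryName": "example.com"},
    # Another process resolving a subdomain of the C2 without the sample loaded.
    {"EventID": 22, "ProcessId": 6600,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "QueryName": "cdn.blionarywesta.com"},
]


def parse_sysmon_hashes(field):
    """Parse Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, _, value = part.partition("=")
            out[alg.strip().upper()] = value.strip().lower()
    return out


def matches_c2(name, domains=C2_DOMAINS):
    """True if name is a C2 domain or a subdomain of one (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def hunt(events, sample_sha256=SAMPLE_SHA256):
    """Correlate per process id; return one finding per pid that hit an IOC."""
    per_pid = defaultdict(lambda: {"image": None, "loaded_sample": False, "c2": set()})
    for ev in events:
        rec = per_pid[ev["ProcessId"]]
        rec["image"] = ev.get("Image", rec["image"])
        if ev["EventID"] == 7:
            if parse_sysmon_hashes(ev.get("Hashes", "")).get("SHA256") == sample_sha256.lower():
                rec["loaded_sample"] = True
        elif ev["EventID"] == 22 and matches_c2(ev.get("QueryName", "")):
            rec["c2"].add(ev["QueryName"].lower())
        elif ev["EventID"] == 3 and matches_c2(ev.get("DestinationHostname", "")):
            rec["c2"].add(ev["DestinationHostname"].lower())

    findings = []
    for pid, rec in sorted(per_pid.items()):
        if rec["loaded_sample"] and rec["c2"]:
            verdict = "confirmed"      # DLL in the process and C2 traffic: the report's picture
        elif rec["loaded_sample"]:
            verdict = "sample-loaded"  # DLL present, no C2 traffic seen (yet, or blocked)
        elif rec["c2"]:
            verdict = "c2-contact"     # C2 traffic from a process without the hash match
        else:
            continue
        findings.append({"pid": pid, "image": rec["image"], "verdict": verdict,
                         "c2": sorted(rec["c2"])})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"pid {f['pid']:>5}  {f['verdict']:<14} {f['image']}  c2={f['c2']}")
```

Run against the constructed events, pid 3724 comes back as "confirmed" and the PowerShell process as "c2-contact"; the two benign processes produce no finding. On real telemetry, replace SAMPLE_EVENTS with events read from the SIEM or from Sysmon's event log export and extend C2_DOMAINS as further config extractions come in; a "sample-loaded" verdict with no C2 traffic is still worth triage, since the report shows the DLL's network activity came from rundll32.exe rather than from a separately named process.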