Analysis
- max time kernel: 90s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 09/07/2022, 04:16
Static task: static1
Behavioral task: behavioral1
Sample: 114853e130c61d78e7539f236800130cd530738c56347b0b365761e7fe7a888e.dll
Resource: win7-20220414-en
0 signatures
0 seconds
General
- Target: 114853e130c61d78e7539f236800130cd530738c56347b0b365761e7fe7a888e.dll
- Size: 534KB
- MD5: 0d5e2db62cb432aca40e2000b6e97603
- SHA1: 482ee17b3b1f0372828237acec3aaac49a083fd7
- SHA256: 114853e130c61d78e7539f236800130cd530738c56347b0b365761e7fe7a888e
- SHA512: dd355aa8b32c0f4c2ee10329cf2487080056866c63fc70ec11a29525652a16be33edd6393618ba9e6df410afdaa70c87deeff4eca0b0a6e4e56f5b8d57eb4b08
Malware Config
Extracted
- Family: icedid
- Campaign: 227378761
- C2: blionarywesta.com
Signatures
-
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request (1 IoC)
  flow | pid  | Process
  11   | 3864 | rundll32.exe
-
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid  | Process
  3864 | rundll32.exe
  3864 | rundll32.exe