Analysis
max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
10/07/2022, 07:16
Static task
static1
Behavioral task
behavioral1
Sample
344aed57a14e6fec41871b303d88b2b2.dll
Resource
win7-20220414-en
0 signatures
0 seconds
General
Target
344aed57a14e6fec41871b303d88b2b2.dll
Size
675KB
MD5
344aed57a14e6fec41871b303d88b2b2
SHA1
ccbe2034d5b2edbbca81a5e49de9ec2646e4942d
SHA256
851c404bdb0b68ab0f531a80fc4feba8ef397c33418341925c0be9c777dfc704
SHA512
8c494062fd223177bbcbc750f9a60be2cf7ff796c40ee1a78a9ef4aaca49191f796ef26c31e4da3987fe276756bcea55e7ac8087a2f130dd5dacb0a8773d127b
Malware Config
Extracted
Family
icedid
Campaign
1060798742
C2
carismorth.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoC)
flow  pid   Process
2     1756  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1756  rundll32.exe
1756  rundll32.exe