Analysis
max time kernel: 37s
max time network: 40s
platform: windows7_x64
resource: win7-20220414-en
submitted: 10/07/2022, 07:31
Static task
static1
Behavioral task
behavioral1
Sample
56c2f503b84c30bf9121dad90b7659c1.dll
Resource
win7-20220414-en
0 signatures
0 seconds
General
Target: 56c2f503b84c30bf9121dad90b7659c1.dll
Size: 673KB
MD5: 56c2f503b84c30bf9121dad90b7659c1
SHA1: 33a386a67d3da55126b5e11d76278cbbbf66c96f
SHA256: a7eef251fc3cd497b7397b4656ef809a67163603b384db2a590c7592eccc4daa
SHA512: 4d32dca9b7eccc5de03ca627c8f1b9a6802e3e8e19a534cec52892f1f22f19427c1458409bb982d3fedb3753158206e36cfabc2d5e2b9023db9f2585e8b8d7c6
Malware Config
Extracted
Family: icedid
Campaign: 1060798742
C2: carismorth.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoCs)
flow  pid   Process
2     1276  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1276  rundll32.exe
1276  rundll32.exe