Analysis
- max time kernel: 91s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 10/07/2022, 08:26
Static task: static1
Behavioral task: behavioral1
- Sample: 698dd2bd46913360e0b8de30be941f5f.dll
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
General
- Target: 698dd2bd46913360e0b8de30be941f5f.dll
- Size: 671KB
- MD5: 698dd2bd46913360e0b8de30be941f5f
- SHA1: 52f5d29d9fd399f7e55b5f7221abc21eb1cfceb0
- SHA256: 87b3990d898a8ccdaf5b4ef9b4c39150e21fb120293bbbd5c139bf3ec94072a9
- SHA512: 72e488b4da577f945edcae2ebf7ad5cf3d0adbcd88d17cfe4fe27f27fb5a6720db85a31d1276c6da981933355c601a0c444bf14f2fd3d62d2434114ffba27fdd
Malware Config
Extracted
- Family: icedid
- Campaign: 1060798742
- C2: carismorth.com
Signatures
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request (1 IoCs)
  flow 14, pid 1464, process rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 1464, process rundll32.exe
  pid 1464, process rundll32.exe