Analysis
max time kernel: 147s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 10/07/2022, 08:31
Static task
static1
Behavioral task
behavioral1
Sample
0d39f2d793cf4c44d27d10dd53bf8b25.dll
Resource
win7-20220414-en
0 signatures
0 seconds
General
Target: 0d39f2d793cf4c44d27d10dd53bf8b25.dll
Size: 671KB
MD5: 0d39f2d793cf4c44d27d10dd53bf8b25
SHA1: 54435ecd9efad8ac9d8938668487877136bbfbf8
SHA256: 6302f08805736a80b939c7b4e226bc7c0201c8ea567f0aaa5ac058c87c6c829f
SHA512: 42d88ee9adb8bad2c3e1651681e2111555a4f61781587c340295f29715905c1b76b0ee0ed37e281817cbdc655a62ee38bb1ee88081705cf1ddba47899598f731
Malware Config
Extracted
Family: icedid
Campaign: 1060798742
C2: carismorth.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request (1 IoCs)
flow  pid   Process
5     1864  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1864  rundll32.exe
1864  rundll32.exe