Analysis
Max time kernel: 621s
Max time network: 624s
Platform: windows10-1703_x64
Resource: win10-20220718-en
Resource tags: arch:x64, arch:x86, image:win10-20220718-en, locale:en-us, os:windows10-1703-x64, system
Submitted: 20/07/2022, 15:02
Static task: static1

Behavioral task: behavioral1
  Sample: b4ramo.dll
  Resource: win7-20220715-en
  3 signatures, 600 seconds

Behavioral task: behavioral2
  Sample: b4ramo.dll
  Resource: win10-20220718-en
  3 signatures, 600 seconds
General
Target: b4ramo.dll
Size: 174KB
MD5: 2856421c070a292eed3ffe97d4d4d554
SHA1: 3b0373d36ce7a93e0638d1cf8bde6c3b08ccc43d
SHA256: 20b93fb30a796b5c4c8a634ed9faf5b54e6895feeb68cb83af94493d364e3138
SHA512: 2ba06bdc9a2337e9b5c6b0b22c1551182e3d6267b5eab24a32669e732c453387dcb23da00c626a2dee29c97af48d303ad64463e6c204df30251e1a68750217b2
Score: 10/10
Malware Config (Extracted)
Family: icedid
Campaign: 4182822218
C2: explorblins.com
Signatures

Blocklisted process makes network request (11 IoCs)
flow  pid   Process
3     2700  rundll32.exe
6     2700  rundll32.exe
7     2700  rundll32.exe
8     2700  rundll32.exe
9     2700  rundll32.exe
15    2700  rundll32.exe
18    2700  rundll32.exe
19    2700  rundll32.exe
20    2700  rundll32.exe
21    2700  rundll32.exe
23    2700  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
2700  rundll32.exe
2700  rundll32.exe