Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220718-en
resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted: 23/07/2022, 08:21
Static task: static1
Behavioral task: behavioral1
Sample: 176cd8af6a4926e7a812fad1fbdf7a8b.dll
Resource: win7-20220718-en
4 signatures
150 seconds
General
Target: 176cd8af6a4926e7a812fad1fbdf7a8b.dll
Size: 107KB
MD5: 176cd8af6a4926e7a812fad1fbdf7a8b
SHA1: 58db8d95258b84faec278b6cd332522615cb9def
SHA256: fd9d324613bb72d6d0acea22f213d109b95c7599de486e998c8a574bc9bb2b72
SHA512: 8cf4d4bc17218964d108520608d7f38eeb054b3ae56133b80609e86dc8f5fc5b95e713f7822f794dd7db053d205ccfb624bd94b4167bf7f384ac40f01055dc05
Malware Config
Extracted
Family: icedid
Campaign: 1195019694
C2: garbagewellduno.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoCs)
flow: 2, pid: 640, Process: rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid: 640, Process: rundll32.exe
pid: 640, Process: rundll32.exe