Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220718-en
- resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
- submitted: 23/07/2022, 08:06
Static task: static1
Behavioral task: behavioral1
- Sample: 5d283c8dc6281bd2717760614df917c1.dll
- Resource: win7-20220718-en
- 4 signatures
- 150 seconds
General
- Target: 5d283c8dc6281bd2717760614df917c1.dll
- Size: 110KB
- MD5: 5d283c8dc6281bd2717760614df917c1
- SHA1: 300d151d2f4f30a92bdb923ef9fb3c07e8407f52
- SHA256: 25533b670fae7fb0f632bcbd142d55242a30f0151e0225abb0214d3f432e639d
- SHA512: 73827d026c62e17422fb34fc4bf22eef692045995d59dccfe0587884412e7e7789465ae078ff74805acbb9e9bc80fb1f9c6f75213b80aa0d65ac878d8489f672
Malware Config (Extracted)
- Family: icedid
- Campaign: 244156380
- C2: garbagewellduno.com
Signatures
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request (1 IoC)
  flow 2, pid 308, process rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 308, process rundll32.exe
  pid 308, process rundll32.exe