Analysis

max time kernel: 88s
max time network: 90s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/07/2022, 12:16

Static task: static1
Behavioral task: behavioral1
Sample: 535cf81ef13340cd5963851a6eaafb79.dll
Resource: win7-20220718-en
4 signatures, 150 seconds
General

Target: 535cf81ef13340cd5963851a6eaafb79.dll
Size: 110KB
MD5: 535cf81ef13340cd5963851a6eaafb79
SHA1: 683ce9eba81c68febefd5ccd3eb48efcaadcc1ab
SHA256: cd1c5d1f2e772c5c89a81c60a2ff9244e0e42bfcd02a56881019ac9dd653bf92
SHA512: 69f6ad1dffba6ca1a2b6241ced98cadd6a4c9ec75d559a9d2e46f2a375a64c452384d2243dc41f3cb1ce044e7a63e4ae59bd9cddc829fac67ae28389dfedc3fe
Malware Config

Extracted
Family: icedid
Campaign: 244156380
C2: garbagewellduno.com
Signatures

suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (2 IoCs)
flow  pid   Process
3     4836  rundll32.exe
13    4836  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
4836  rundll32.exe
4836  rundll32.exe
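The hashes, the extracted C2 domain and the flagged rundll32.exe process are the actionable part of this report. The following is an added example (not part of the sandbox report or its tooling) that turns them into a sweep: it sanity-checks the listed digests, matches a local file against them, and runs the report's three findings (known sample, C2 contact, rundll32.exe making network requests) over endpoint log lines. The key=value log format and the log lines themselves are constructed for the example and are not from any real sensor.

```python
import hashlib
import re

# IoCs transcribed from the sandbox report above (sample hashes, extracted
# IcedID C2 domain, and the process name the report flagged).
REPORT_IOCS = {
    "sample": "535cf81ef13340cd5963851a6eaafb79.dll",
    "md5": "535cf81ef13340cd5963851a6eaafb79",
    "sha1": "683ce9eba81c68febefd5ccd3eb48efcaadcc1ab",
    "sha256": "cd1c5d1f2e772c5c89a81c60a2ff9244e0e42bfcd02a56881019ac9dd653bf92",
    "sha512": "69f6ad1dffba6ca1a2b6241ced98cadd6a4c9ec75d559a9d2e46f2a375a64c45"
              "2384d2243dc41f3cb1ce044e7a63e4ae59bd9cddc829fac67ae28389dfedc3fe",
    "c2_domain": "garbagewellduno.com",
    "process": "rundll32.exe",
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def check_ioc_consistency(iocs):
    """Catch transcription errors before the IoCs go into a blocklist:
    each digest must be lowercase hex of the right length, and the sample's
    filename stem must equal its MD5 (the naming convention the report uses)."""
    results = {}
    for name, length in HASH_LENGTHS.items():
        value = iocs[name]
        results[name] = len(value) == length and re.fullmatch(r"[0-9a-f]+", value) is not None
    results["name_matches_md5"] = iocs["sample"].rsplit(".", 1)[0] == iocs["md5"]
    return results


def file_hashes(data: bytes):
    """Compute the same four digests the report lists, for a file read from disk."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in HASH_LENGTHS}


def matches_report(data: bytes, iocs):
    """True if any digest of the given bytes equals the report's sample hash."""
    digests = file_hashes(data)
    return any(digests[name] == iocs[name] for name in HASH_LENGTHS)


# Constructed log format for this example (hypothetical, not a real sensor):
# space-separated key=value pairs, values with spaces in double quotes.
LOG_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    return {k: v.strip('"') for k, v in LOG_FIELD.findall(line)}


def scan_logs(lines, iocs):
    """Apply the report's findings to log lines. Precedence: a loaded image with
    the sample's SHA256 or contact with the C2 domain is a confirmed match;
    any other network activity by rundll32.exe is the weaker, sandbox-style
    'blocklisted process makes network request' signal."""
    hits = []
    for line in lines:
        f = parse_line(line)
        image = f.get("image", "")
        proc = image.rsplit("\\", 1)[-1].lower()
        dest = (f.get("query") or f.get("dest_host") or "").lower()
        reason = None
        if f.get("sha256", "").lower() == iocs["sha256"]:
            reason = "known sample loaded"
        elif dest == iocs["c2_domain"]:
            reason = "contact with configured C2 domain"
        elif proc == iocs["process"] and f.get("event") in ("dns", "netconn"):
            reason = "rundll32.exe making a network request"
        if reason:
            hits.append({"reason": reason, "pid": int(f.get("pid", 0)), "image": image, "dest": dest})
    return hits


# Constructed sample log lines (not captured from the sandbox run).
SAMPLE_LOG = [
    r'ts=2022-07-23T12:17:01Z event=image_load image=C:\Windows\System32\rundll32.exe pid=4836 loaded=C:\Users\admin\535cf81ef13340cd5963851a6eaafb79.dll sha256=cd1c5d1f2e772c5c89a81c60a2ff9244e0e42bfcd02a56881019ac9dd653bf92',
    r'ts=2022-07-23T12:17:02Z event=dns image=C:\Windows\System32\rundll32.exe pid=4836 query=garbagewellduno.com',
    r'ts=2022-07-23T12:17:02Z event=netconn image=C:\Windows\System32\rundll32.exe pid=4836 dest_host=garbagewellduno.com dest_port=443',
    r'ts=2022-07-23T12:17:05Z event=dns image="C:\Program Files\Mozilla Firefox\firefox.exe" pid=1120 query=www.mozilla.org',
    r'ts=2022-07-23T12:17:06Z event=netconn image=C:\Windows\System32\svchost.exe pid=900 dest_host=ctldl.windowsupdate.com dest_port=80',
    r'ts=2022-07-23T12:17:09Z event=dns image=C:\Windows\System32\rundll32.exe pid=4836 query=ctldl.windowsupdate.com',
]

if __name__ == "__main__":
    print(check_ioc_consistency(REPORT_IOCS))
    for hit in scan_logs(SAMPLE_LOG, REPORT_IOCS):
        print(f"pid={hit['pid']} {hit['reason']} ({hit['dest'] or hit['image']})")
```

The last sample line shows why the rundll32.exe rule is the weak one: the process is a legitimate Windows binary and its network activity is only suspicious, which is why the sandbox reports it as a separate signature from the C2 hit. Treat it as a pivot to the command line and the loaded DLL rather than as a standalone alert.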