Analysis
max time kernel: 40s
max time network: 43s
platform: windows7_x64
resource: win7-20220715-en
resource tags: arch:x64 arch:x86 image:win7-20220715-en locale:en-us os:windows7-x64 system
submitted: 24/07/2022, 07:32
Static task: static1
Behavioral task: behavioral1
Sample: 787c778ecede05ddc4f214a1350ab51d.dll
Resource: win7-20220715-en
4 signatures
150 seconds
General
Target: 787c778ecede05ddc4f214a1350ab51d.dll
Size: 96KB
MD5: 787c778ecede05ddc4f214a1350ab51d
SHA1: ac345a86e8c08d2e80639c3bbf1d56ad8f81cf31
SHA256: 7d893c49b4c9e9e29bb7db23b12fdd11363d404479368cb256d3a43b5bda8cc5
SHA512: 2ab37dbf6de7bbd98a6fcd4840ac9379f5f3a64304b6d91843b69c702320ff76ce86f9ea8de5bf88823c898e2d942606b8c2d8267c7ea7b28547e311236f3be9
Malware Config
Extracted
Family: icedid
Campaign: 2937671378
C2: cootembrast.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoCs)
flow  pid  Process
2     620  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid  Process
620  rundll32.exe
620  rundll32.exe