Analysis
max time kernel: 66s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/07/2022, 09:06

Tasks
Static task: static1
Behavioral task: behavioral1 (sample 648c83e5f3a1ba4a263c14ecde137f06.dll, resource win7-20220718-en, 4 signatures, 150 seconds)
General
Target: 648c83e5f3a1ba4a263c14ecde137f06.dll
Size: 96KB
MD5: 648c83e5f3a1ba4a263c14ecde137f06
SHA1: f61eec7c62edf16778695e5c42b3e82163866f83
SHA256: 85f25379a2c5948ceb33e5553a5795152d44c051b3d74fbe56d272fd0df198a1
SHA512: 70fac6922d86535bfefa3d87bd3ea7daf8e984536f91fc72d42ac9f72d13d80a26c0bbab8b11e4f4ace9b8178f221f78f3e769d1088b138ed69818e8d17ab256
Malware Config
Extracted
Family: icedid
Campaign: 2937671378
C2: cootembrast.com
Signatures
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request (1 IoC)
  flow  pid   Process
  7     1924  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1924  rundll32.exe
  1924  rundll32.exe
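The two network-related findings above (a blocklisted process, rundll32.exe pid 1924, making an outbound request, and the extracted C2 cootembrast.com) translate directly into host telemetry detections. The following Python script is an added example, not part of the sandbox report or the sandbox vendor's code: it replays those two checks over Sysmon-style events and correlates the hits per pid back to the command line that launched the process. The events are constructed for the example; field names follow Sysmon's ProcessCreate (EventID 1), NetworkConnect (EventID 3) and DnsQuery (EventID 22) schemas. The pid, DLL name and C2 domain are the report's; the DLL path, the export ordinal, the parent process, the blocklist contents and the destination IP (a documentation address standing in for the real resolution) are assumptions.

```python
"""Added example (not from the sandbox report): replay the report's
"Blocklisted process makes network request" finding and its extracted
IcedID C2 over constructed Sysmon-style telemetry."""
import ipaddress
from collections import defaultdict

# C2 domain from the report's extracted config.
C2_DOMAINS = {"cootembrast.com"}

# Living-off-the-land binaries that should rarely initiate outbound traffic.
# Assumption: a minimal starting blocklist; tune it to the environment.
BLOCKLISTED_NETWORK_IMAGES = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}

# Address space treated as internal. Checked explicitly rather than via
# ipaddress.is_private, which also classifies the RFC 5737 documentation
# ranges (used below as stand-in external addresses) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample telemetry (pid, DLL name and domain from the report;
# path, export ordinal, parent and destination IP are assumptions).
EVENTS = [
    {"EventID": 1, "ProcessId": 1924,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\user\Downloads\648c83e5f3a1ba4a263c14ecde137f06.dll,#1",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 22, "ProcessId": 1924,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "QueryName": "cootembrast.com", "QueryResults": "203.0.113.10;"},
    {"EventID": 3, "ProcessId": 1924,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443,
     "DestinationHostname": "cootembrast.com"},
    # Benign noise: a browser talking to a LAN host.
    {"EventID": 3, "ProcessId": 4412,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 443,
     "DestinationHostname": "intranet.local"},
    # Blocklisted image, but loopback only: not an outbound request.
    {"EventID": 3, "ProcessId": 2200,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "127.0.0.1", "DestinationPort": 5555},
]


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def blocklisted_network_requests(events):
    """NetworkConnect events where a blocklisted image reaches an external
    address. Returns a list of (pid, image basename, destination ip)."""
    hits = []
    for e in events:
        if e.get("EventID") != 3:
            continue
        if _basename(e["Image"]) not in BLOCKLISTED_NETWORK_IMAGES:
            continue
        if not _is_external(e["DestinationIp"]):
            continue
        hits.append((e["ProcessId"], _basename(e["Image"]), e["DestinationIp"]))
    return hits


def c2_contacts(events):
    """Set of pids that resolved (EventID 22) or connected to (EventID 3)
    a known C2 domain."""
    pids = set()
    for e in events:
        if e.get("EventID") == 22:
            name = e.get("QueryName")
        elif e.get("EventID") == 3:
            name = e.get("DestinationHostname")
        else:
            continue
        if name and name.lower().rstrip(".") in C2_DOMAINS:
            pids.add(e["ProcessId"])
    return pids


def triage(events):
    """Correlate findings per pid with the command line that started it."""
    launched = {e["ProcessId"]: e["CommandLine"]
                for e in events if e.get("EventID") == 1}
    reasons = defaultdict(list)
    for pid, image, dst in blocklisted_network_requests(events):
        reasons[pid].append(f"blocklisted image {image} connected to {dst}")
    for pid in c2_contacts(events):
        reasons[pid].append("contacted known IcedID C2")
    return {pid: {"command_line": launched.get(pid), "reasons": r}
            for pid, r in reasons.items()}


if __name__ == "__main__":
    for pid, info in triage(EVENTS).items():
        print(pid, info["command_line"])
        for reason in info["reasons"]:
            print("   ", reason)
```

Only pid 1924 is flagged: the LAN browser connection and the loopback rundll32.exe connection are dropped by the external-address test, which is what keeps a rule like "blocklisted process makes network request" from firing on every local RPC call. The EnumeratesProcesses finding has no Sysmon equivalent (it comes from API tracing inside the sandbox), so it is not replayed here.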