Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220715-en
resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted: 24/07/2022, 09:46
Static task: static1
Behavioral task: behavioral1
Sample: 0a1ecff59d21c9ac48bdf171e14c5651.dll
Resource: win7-20220715-en
4 signatures, 150 seconds
General
Target: 0a1ecff59d21c9ac48bdf171e14c5651.dll
Size: 96KB
MD5: 0a1ecff59d21c9ac48bdf171e14c5651
SHA1: 5768af11a1bf88260db18e849222e62c95b0cb79
SHA256: 33392acae344f7c8ede0bce4b56d1a476b97ef28de407ab9dc599ffecfbcd627
SHA512: 5ed3c1b14ca52e5052a29e0e5b2159832ecb9cea8d6ec845428adea86bb30c10a8fa5fbe80a7de1ed5ce08dbca4f75c121a5328e06b6c1cc51d23494ca4397da
Malware Config
Extracted
Family: icedid
Campaign: 2937671378
C2: cootembrast.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request (1 IoC)
flow  pid   Process
2     1864  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1864  rundll32.exe
1864  rundll32.exe