Analysis
max time kernel: 105s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/07/2022, 12:29
Static task: static1
Behavioral task: behavioral1
Sample: 86d53d0f79158bca840b1ceb6a8fd6f9.dll
Resource: win7-20220718-en
4 signatures
150 seconds
General
Target: 86d53d0f79158bca840b1ceb6a8fd6f9.dll
Size: 96KB
MD5: 86d53d0f79158bca840b1ceb6a8fd6f9
SHA1: 8314ab6aeb5013213d3b1db4dc99a485c66529cc
SHA256: 8f3e03dd22ae5b295abf6d88bc06b139ec718461fe558cd42b786475c2f94fee
SHA512: 31b9d8787d47978ef66b912d332d69cb6b14d4426b34aab306d568e5a8a8a96bab666bbd62ad07f744b96199655920e23f0adac12897668ed451f61c6ca63b40
Malware Config
Extracted
Family: icedid
Campaign: 2937671378
C2: cootembrast.com
Signatures
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request (1 IoCs)
flow  pid   Process
23    3780  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
3780  rundll32.exe
3780  rundll32.exe