Analysis
max time kernel
132s
max time network
135s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
15-09-2022 18:01
Static task
static1
Behavioral task
behavioral1
Sample
Extracted-Hex.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
General
Target
Extracted-Hex.dll
Size
243KB
MD5
766fb7ca50d63897e7bb3a5c9659e2fd
SHA1
c2139527666683e4371f3ed79beeaae7d98dcca2
SHA256
e5591e357359405cef1b8d22901b5e844c0dc480a7d4b15324f21a2a17723aab
SHA512
9d6dd458d2c3a59a713e31c1feb3cebb1125ed3f9f7e6f33f50a688383bf02af40f6885d6e64b51b596d1585d8fa27f84cf19dec44bd5941b403a492609dcde3
SSDEEP
3072:VgyPm+PU16y0a724xuIKhloD+T2GhQOiEhzCOQJzkQhUzI3d2WhmEN:VZO+K6yhIyMvhG2QyK
Malware Config
Extracted
Family
icedid
Campaign
809191839
C2
allozelkot.com
Signatures
Blocklisted process makes network request (3 IoCs)
Processes: rundll32.exe
flow  pid   process
2     1956  rundll32.exe
4     1956  rundll32.exe
5     1956  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid   process
1956  rundll32.exe
1956  rundll32.exe