Analysis
max time kernel
133s
max time network
136s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
18-09-2022 13:56
Static task
static1
Behavioral task
behavioral1
Sample
414f8facf086eb38c69916d92ff1ab7f.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
General
Target
414f8facf086eb38c69916d92ff1ab7f.dll
Size
243KB
MD5
414f8facf086eb38c69916d92ff1ab7f
SHA1
5d5eb37e59721976e50e3c67605a6bfae2111bf3
SHA256
6801de84321e6392152683399a7577572710895f67813c6101ded8093cbb32ee
SHA512
8b65c7f045fc1d26512d311e52cca2c118dd6bf4c3dfe1a404e6d04498b9ae66b024c205554e48b39042a0efd7b90087e8eb2574707beacb407a9cfa67b44e96
SSDEEP
3072:EgyPm+PU16y0a724xuIKhloD+T2GhQOiEhzCOQJzkQhUzI3d2WhmEW:EZO+K6yhIyMvhG2QyV
Malware Config
Extracted
Family
icedid
Campaign
809191839
C2
allozelkot.com
Signatures
Blocklisted process makes network request 3 IoCs
Processes:
rundll32.exe
flow pid process
2 780 rundll32.exe
4 780 rundll32.exe
5 780 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exe
pid process
780 rundll32.exe
780 rundll32.exe