Analysis
max time kernel: 553s
max time network: 556s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-09-2022 13:21
Static task: static1
Behavioral task: behavioral1
Sample: dawdlers.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
3 signatures
600 seconds
General
Target: dawdlers.dll
Size: 452KB
MD5: 9d7e2bde7c7266bb867b9a612613123a
SHA1: 6079e2cf55d210fb8d6553842d049b232ed5b00e
SHA256: bf80df427ccc1355faf0afbf7e570f6af1b1390632e8f966e0db002f951b00b5
SHA512: 82556fa928292c24e8ac481c9c65d5bc20692f597acbe5acad974264db816e8ef96ab3de0e83763fc689a540b7f9d3caeee44759b36994b91125e3a32290f083
SSDEEP: 3072:ywJOuzQiAIOvJ+1rzyp5cq1LGKFKHrt9F5p3BZiZqBAJLMok3n+CBrMrRZm1xAyn:9JOuZrzyp5V1LGKiBBMSkLTc+yyZmA2
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 2349072319
C2: sebdgoldingor.com
Signatures
Blocklisted process makes network request (10 IoCs)
Processes: rundll32.exe
flow  pid   process
17    1584  rundll32.exe
38    1584  rundll32.exe
39    1584  rundll32.exe
41    1584  rundll32.exe
42    1584  rundll32.exe
44    1584  rundll32.exe
48    1584  rundll32.exe
49    1584  rundll32.exe
50    1584  rundll32.exe
51    1584  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid   process
1584  rundll32.exe
1584  rundll32.exe