Analysis
max time kernel: 130s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-09-2022 15:08
Static task
static1

Behavioral tasks
Task         Sample                                Resource
behavioral1  Invoi_PDF.lnk                         win7-20220901-en
behavioral2  Invoi_PDF.lnk                         win10v2004-20220812-en
behavioral3  ricocheted/detonatorUncaptivated.js   win7-20220812-en
behavioral4  ricocheted/detonatorUncaptivated.js   win10v2004-20220812-en
behavioral5  ricocheted/pregnantTitillators.cmd    win7-20220901-en
behavioral6  ricocheted/pregnantTitillators.cmd    win10v2004-20220812-en
behavioral7  ricocheted/trolleys.dll               win7-20220812-en
behavioral8  ricocheted/trolleys.dll               win10v2004-20220812-en
General
Target: ricocheted/trolleys.dll
Size: 358KB
MD5: fce4595c14985d9e891eda2be3824079
SHA1: 362ada53842948089d6567a42c67744877fd1c7d
SHA256: 3ab1572c68f1edce3e0f278900d3330c7c18f1964934ba0d5eefab57ebb9c01f
SHA512: 1f195abae1ebc7cec3c285db0eb134330468a6e03b786804375d2a94291da666d019157061d827b3c48fa17ae7f7584355770c915d8ccd7177e90ab10c6ad08f
SSDEEP: 6144:l6HdvqSwNOTzZLen7qACQ9j6pSHP7csiU302dw9qOL:MPLQHP7AX2djOL
Malware Config
Extracted
Family: icedid
Campaign: 2432960414
C2: zalikomanperis.com
Signatures

Blocklisted process makes network request (3 IoCs)
Processes:
flow  pid  process
14    488  rundll32.exe
35    488  rundll32.exe
37    488  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid  process
488  rundll32.exe
488  rundll32.exe