Analysis
-
max time kernel
131s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
26-09-2022 15:51
Static task
static1
Behavioral task
behavioral1
Sample
94efbbb48b1d3703e1055160db06e65f.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
94efbbb48b1d3703e1055160db06e65f.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
94efbbb48b1d3703e1055160db06e65f.dll
-
Size
317KB
-
MD5
94efbbb48b1d3703e1055160db06e65f
-
SHA1
516e2bb96abfe1f91cd00b0d67b596228536ddeb
-
SHA256
bbe6b63e43398a3d4b36a5b669d5fd5b2e480b38ef31e6d6b2553374055d9187
-
SHA512
cbb30485dd935d4d922458e3658fca02995dd44bd1983090facf4e5ee8819bc0d7b6761e7d32ebccfe625bc9c813fd1546b9ebe610e6c883f52d6fe7e9502190
-
SSDEEP
6144:bJIId9kP7+sYAdo9ZvHsJge7lfh+mQVri2VrpgEhBvZ:/9kP7I/sm2lfv29pgEhhZ
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
1023645195
C2
trallfasterinf.com
Signatures
-
Blocklisted process makes network request 3 IoCs
Processes:
rundll32.exe
flow pid process
13 4988 rundll32.exe
34 4988 rundll32.exe
37 4988 rundll32.exe
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
rundll32.exe
pid process
4988 rundll32.exe
4988 rundll32.exe
4988 rundll32.exe