Analysis

max time kernel: 134s
max time network: 138s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 26-09-2022 17:17

Static task: static1

Behavioral task: behavioral1
Sample: avers.dll
Resource: win7-20220901-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: avers.dll
Resource: win10v2004-20220812-en
3 signatures, 150 seconds
General

Target: avers.dll
Size: 532KB
MD5: 8201f1bfd204972dd1c2cb989a7c8cdf
SHA1: 73ae0872d685685e2395894c743df925dcfd19d6
SHA256: 39af395246a555cdca505f3b7358db16b107bd186b9cbcf18fa573acb4709a5f
SHA512: aea1304fc65ae6c060779f2f22dbd5be9f0c338e79c7ebcab763b822f55141a827bd8fdea04faf3128699076e9cb0075a5717f219086ec359b4faa67a9f33e14
SSDEEP: 6144:x+86v2VKRnZEvCijwzDv35F5+Djwy/QCn5drokAieiR:x0v6vCij+3yB31x

Score: 10/10
Malware Config

Extracted
Family: icedid
Campaign: 2537954433
C2: scainznorka.com
Signatures

Blocklisted process makes network request (3 IoCs)
Processes: rundll32.exe
  flow  pid   process
  2     1272  rundll32.exe
  4     1272  rundll32.exe
  5     1272  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
  pid   process
  1272  rundll32.exe
  1272  rundll32.exe
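The two behavioural signatures above are derived from per-process events: network flows attributed to a process on a blocklist of living-off-the-land hosts (rundll32.exe, which is what loads avers.dll), and calls to process-enumeration APIs. The following is an added example, not code from the sandbox or the report, that re-derives both signatures and their IoC counts from a constructed event set mirroring the report (pid 1272, flows 2, 4 and 5, plus unrelated noise). The `Event` schema, the blocklist and the API list are assumptions of this example, not the sandbox's own definitions.

```python
"""Re-derive sandbox behavioural signatures from raw process events.

Added example: the event schema, blocklist and API list below are
assumptions, not the sandbox's internal definitions.
"""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Script/DLL hosts that have no business originating network flows on
# their own; a DLL loaded via rundll32.exe calling out is a loader pattern.
# Assumed list for this example.
BLOCKLISTED_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}

# Win32/NT APIs that walk the process list. Assumed list for this example.
PROCESS_ENUM_APIS = {
    "CreateToolhelp32Snapshot",
    "Process32First",
    "Process32Next",
    "NtQuerySystemInformation",
}

SIG_BLOCKLISTED_NET = "Blocklisted process makes network request"
SIG_ENUM_PROCS = "Suspicious behavior: EnumeratesProcesses"


@dataclass(frozen=True)
class Event:
    kind: str                 # "network" or "api"
    pid: int
    process: str
    flow: Optional[int] = None   # network flow id, for kind == "network"
    api: Optional[str] = None    # API name, for kind == "api"


# Constructed events mirroring the report: rundll32.exe (pid 1272) walks the
# process list twice and opens flows 2, 4 and 5. explorer.exe is noise that
# must not produce an IoC.
SAMPLE_EVENTS: List[Event] = [
    Event("api", 1272, "rundll32.exe", api="CreateToolhelp32Snapshot"),
    Event("api", 1272, "rundll32.exe", api="Process32Next"),
    Event("network", 1272, "rundll32.exe", flow=2),
    Event("network", 1480, "explorer.exe", flow=3),   # not blocklisted
    Event("network", 1272, "rundll32.exe", flow=4),
    Event("api", 1480, "explorer.exe", api="CreateFileW"),  # not enumeration
    Event("network", 1272, "rundll32.exe", flow=5),
]


def blocklisted_network_requests(events: List[Event]) -> List[Tuple[int, int, str]]:
    """One IoC per network flow originated by a blocklisted process."""
    return [
        (e.flow, e.pid, e.process)
        for e in events
        if e.kind == "network" and e.process.lower() in BLOCKLISTED_PROCESSES
    ]


def enumerates_processes(events: List[Event]) -> List[Tuple[int, str, str]]:
    """One IoC per call to a process-enumeration API."""
    return [
        (e.pid, e.process, e.api)
        for e in events
        if e.kind == "api" and e.api in PROCESS_ENUM_APIS
    ]


def signatures(events: List[Event]) -> Dict[str, list]:
    """Map signature name -> IoC list, omitting signatures with no hits."""
    hits = OrderedDict()
    net = blocklisted_network_requests(events)
    if net:
        hits[SIG_BLOCKLISTED_NET] = net
    enum = enumerates_processes(events)
    if enum:
        hits[SIG_ENUM_PROCS] = enum
    return hits


def render(events: List[Event]) -> str:
    """Render the signatures in the report's 'name (N IoCs)' layout."""
    lines = []
    for name, iocs in signatures(events).items():
        lines.append(f"{name} ({len(iocs)} IoCs)")
        lines.extend("  " + " ".join(str(f) for f in ioc) for ioc in iocs)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(SAMPLE_EVENTS))
```

Note that the IoC count for the network signature is per flow, not per process, which is why one rundll32.exe instance yields three IoCs; a flow from a non-blocklisted process such as explorer.exe is ignored, so a sample that injects into a benign process would not trip this rule and needs a separate signature.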