Analysis
max time kernel
125s
max time network
128s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
27-09-2022 16:38
Static task
static1
Behavioral task
behavioral1
Sample
flagstaff.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
flagstaff.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
flagstaff.dll
-
Size
476KB
-
MD5
7d81188fd25fbfc8b57b1889cc6ae180
-
SHA1
4dc6aa65779ec365bc1622bf0b28a5328acf4ac3
-
SHA256
66608501a21447082fe287bd99a8d7b7f0049e2ab3d161e3a3cfbf3e1f28b3bb
-
SHA512
0abb06d262ce25bd5e979789568f622e839cf4fc36bade958a8d1d13a3bfbb97a99665a6df91c2aa8c480da6e3d084ea4feacf0ec1e02cc5a207d9fb39a83d91
-
SSDEEP
6144:2nUq1i6qMhmPGx96QeQSIpBYMeepMRT9xa5yqwH:SUq1i6qbGx4IpheepMFLaAqo
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3228182693
C2
tezycronam.com
Signatures
-
Blocklisted process makes network request 3 IoCs
Processes:
rundll32.exe
flow pid process
2 832 rundll32.exe
4 832 rundll32.exe
5 832 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exe
pid process
832 rundll32.exe
832 rundll32.exe