Analysis
max time kernel
131s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted
28-09-2022 15:26
Static task
static1
Behavioral task
behavioral1
Sample
e7581b297feebce79f805522a75a7f46.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e7581b297feebce79f805522a75a7f46.dll
Resource
win10v2004-20220901-en
General
Target
e7581b297feebce79f805522a75a7f46.dll
Size
452KB
MD5
e7581b297feebce79f805522a75a7f46
SHA1
ed2c63daa3b75a8d29ea5a08a889fc8f94dd25d5
SHA256
45e972e4f9cd2cf0b0200741081df634ee3e29a5109d7632ff4739df0ed9ad25
SHA512
860be4a9ec6f11dd33397917144720d0f5f397721f58192ddcc6d83fbdda3eb9867d269f3bdb87f1b980c6cbdce8ee4d801f08fb8c7b972b0a8912e82fbb1da5
SSDEEP
3072:ZpzQiAIOvJ+0vh1AKhgF9y6j613scqoFCrqJOuAn+CBnL56ZCoOt9Fy1TPp3BwI7:Zpx0vT9y1YsVoF/JOuA++L56ZdLVBtVF
Malware Config
Extracted
icedid
2349072319
sebdgoldingor.com
Signatures
Blocklisted process makes network request 3 IoCs
Processes:
rundll32.exe
flow pid process
24 2132 rundll32.exe
55 2132 rundll32.exe
56 2132 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exe
pid process
2132 rundll32.exe
2132 rundll32.exe