Analysis
max time kernel: 143s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-10-2022 07:00
Static task: static1
Behavioral task: behavioral1
  Sample: imparted.db.dll
  Resource: win7-20220812-en (windows7-x64)
  Signatures: 0
  Runtime: 150 seconds
Behavioral task: behavioral2
  Sample: imparted.db.dll
  Resource: win10v2004-20220901-en (windows10-2004-x64)
  Signatures: 3
  Runtime: 150 seconds
General
Target: imparted.db.dll
Size: 679KB
MD5: 8214d82abb0300ca02562a59bf1de91e
SHA1: 3e652df50f7761e979942e6deab6b5b511ed80d7
SHA256: 423c2433f2854310f94740c92ccb0b206a965dad8528261a13cd77a439846fb3
SHA512: bbca4278bc2ecf841db0c60b722ee937c48ebeecf42bf7d7f35e764be1e507bc1e7c8c8b722858a9a3005bce159b0be5400ebd5ab1caef2c2f5cea57addc9ab5
SSDEEP: 6144:lg+yhfEfzTxhI43zNOluFa98Hrpi6GLZ/8LxpU61OHMvK8yZ9r/:ldBPRpGLUl1OHM4b/
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 2909555027
C2: guversaksi.com
Signatures
Blocklisted process makes network request (3 IoCs)
Processes:
  flow  pid   process
  26    1412  rundll32.exe
  57    1412  rundll32.exe
  68    1412  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  1412  rundll32.exe
  1412  rundll32.exe