Analysis
max time kernel: 139s
max time network: 144s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 04-10-2022 15:51
Static task: static1

Behavioral task: behavioral1
Sample: 866364f529dbcaf4c23c814d9400d441.dll
Resource: win7-20220901-en / windows7-x64
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: 866364f529dbcaf4c23c814d9400d441.dll
Resource: win10v2004-20220901-en / windows10-2004-x64
3 signatures
150 seconds
General
Target: 866364f529dbcaf4c23c814d9400d441.dll
Size: 672KB
MD5: 866364f529dbcaf4c23c814d9400d441
SHA1: 61beed8fbbabe4860beb020310de10d54aeaedc6
SHA256: acdd6bc482cd6d0c6f4cd96633017f0914693858123b8cb01d5fceff9abf85f1
SHA512: 56e2e62767cd5c109399e79b65e57931d07ee0420b4b01f9c1d31e0ea3e312f0dd68392f0ad21daf1cfb90636d2e66194c3b3a67f8cda46438ffc223af26eb45
SSDEEP: 12288:ik6bSzrCEhwrC8yIJrlwgOW9xwMGwy0w7w4wJ+wwwZwb8bewf+HwddBlvm:ik6mPXR0gI7m
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 2399258081
C2: eysneolissionsm.com
Signatures

Blocklisted process makes network request (3 IoCs)
Processes: rundll32.exe
flow  pid   process
2     1724  rundll32.exe
4     1724  rundll32.exe
5     1724  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid   process
1724  rundll32.exe
1724  rundll32.exe