Analysis
max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
04-10-2022 18:46
Static task
static1
Behavioral task
behavioral1
Sample
e8f25c916df6506ec339bdef465cdae2.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
e8f25c916df6506ec339bdef465cdae2.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
Target
e8f25c916df6506ec339bdef465cdae2.dll
Size
672KB
MD5
e8f25c916df6506ec339bdef465cdae2
SHA1
b3afa41be3089128cb583e3fd675202eaab93cea
SHA256
4db9020d2c2305806df59d2e12ceec9788a0a5925bf4b4ab2fa154f7f97c9abb
SHA512
72879b7e14bd23f3256e695b6bb1eb57fb9ed69126ea5fef4007eaa4be49270434e18c8f286ed93c1e2917a9d4dcb51ed75a4588ecf29733f7e58dd6a9de9014
SSDEEP
12288:YkVhSzrCEhwrC8yIJrlwgOW9xwMGwy0w7w4wJ+wwwZwb8bewf+HwddBlvC:YkVgPXR0gI7C
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
2399258081
C2
eysneolissionsm.com
Signatures
Blocklisted process makes network request 3 IoCs
Processes:
rundll32.exe
flow pid process
12 3524 rundll32.exe
35 3524 rundll32.exe
46 3524 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exe
pid process
3524 rundll32.exe
3524 rundll32.exe