Analysis
max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
14-11-2022 19:01
Static task
static1
Behavioral task
behavioral1
Sample
ver123.dll
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
ver123.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
Target
ver123.dll
Size
96KB
MD5
f315325aecae49d502589694b6650bf0
SHA1
88b5d50c8e9e4f79b773a268da51a1f90718114c
SHA256
45704a092e0f331dec2c86dc2f7259b4680bb71c542aea59005bf1b1a8a18d3f
SHA512
ff9c89b5a7db2e1262aa87839d2ff41aff56861f241947ed8a857ac8f9904334269c74aff01bd4c8d1bf1f07d3ba1fa3ce02e1ef7c0e64a21e86e0501bd9cb2d
SSDEEP
1536:Z/Uo2DoDZjinBQFp5iVz+O22D9YUSh9T9S6PDJUTfhIr083GY2:Z/NhP5mzk2a7XsytW6083D2
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
1609463178
C2
trolspeaksunt.com
Signatures
Blocklisted process makes network request 3 IoCs
Processes:
rundll32.exe
flow  pid   process
2     1676  rundll32.exe
5     1676  rundll32.exe
6     1676  rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exe
pid   process
1676  rundll32.exe
1676  rundll32.exe