Analysis
max time kernel: 271s
max time network: 275s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 14-11-2022 19:45
Static task: static1

Behavioral task    Sample        Resource
behavioral1        pss10r.chm    win7-20220812-en
behavioral2        pss10r.chm    win10-20220901-en
behavioral3        run.cmd       win7-20220812-en
behavioral4        run.cmd       win10-20220812-en
behavioral5        ver123.dll    win7-20220812-en
behavioral6        ver123.dll    win10-20220901-en
General
Target: ver123.dll
Size: 96KB
MD5: d6c6c7e5747aeae222a07770bf22d2c8
SHA1: 8c1c899664c82043fe583078ca567667c2c1d328
SHA256: 03d1febebc88cd23690ca6885a576916f61d1c9b412d5fb661bbdcdfe9c4a9a0
SHA512: bcb9faad81b7ec7962a0ca832bc790cf953b9adca5e4749c61cc223dcea59684117b7ab1dbd880d383e33abcf5a8ed074f9ef4f0b260744bbc3195577456c32f
SSDEEP: 3072:PhsRYxpnZaiZukn6XK1DK+hfN/bfw/5hT:ZxZ2kDKo1TfI
Malware Config
Extracted
icedid
1609463178
trolspeaksunt.com
Signatures
Blocklisted process makes network request (5 IoCs)
Processes: rundll32.exe
flow    pid     process
2       2012    rundll32.exe
4       2012    rundll32.exe
5       2012    rundll32.exe
7       2012    rundll32.exe
8       2012    rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid     process
2012    rundll32.exe
2012    rundll32.exe