Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2023 09:24
Static task: static1
Behavioral task: behavioral1
Sample: problem.dll
Resource: win7-20220901-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: problem.dll
Resource: win10v2004-20220812-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: problem.dll
Size: 632KB
MD5: 9760913fb7948f2983831d71a533a650
SHA1: af5eaf010e47eb1c4b073f31aa725df0e5547a25
SHA256: 68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff
SHA512: 0c2b846b0836fa8a3669f736fa3db69fb04491dba67cb798556b290a97915b6d149b58a0b6cc96be9bbed3d0686da048f7f071ad3cf6fec3ea70c70ad0ba964a
SSDEEP: 6144:jk0TC2AM0BdNIrVhPkP0qIo8pWmtlIDg8ZdOp/qc5rF:jkeL0BdmPXq983t58nOp35rF
Score: 10/10
Malware Config
Extracted
Family: icedid
Botnet: 2634746917
C2: june85.cyou, golddisco.top
Attributes:
auth_var: 2
url_path: /audio/
Extracted
Family: icedid
Signatures
IcedID Second Stage Loader (2 IoCs)
Processes:
resource | yara_rule
behavioral2/memory/1664-133-0x0000000074810000-0x0000000074816000-memory.dmp | IcedidSecondLoader
behavioral2/memory/1664-134-0x0000000074810000-0x0000000074DBE000-memory.dmp | IcedidSecondLoader
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1604 wrote to memory of 1664 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1664 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1664 | 1604 | rundll32.exe | rundll32.exe