Analysis
max time kernel
146s
max time network
150s
platform
windows7_x64
resource
win7-20220901-en
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted
25-01-2023 09:23
Static task
static1
Behavioral task
behavioral1
Sample
prob_3.dll
Resource
win7-20220901-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
prob_3.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
3 signatures
150 seconds
General
Target
prob_3.dll
Size
185KB
MD5
87dc37e0edb39c077c4d4d8f1451402c
SHA1
4a45780d3872ae1462a85e5f711f753260f8d7df
SHA256
b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457
SHA512
0c315c056ac2aec977cc80c7c53cf3a118ee86ced8203437eddff6a8e653256153e8469055b7efd40796c1e1695e346b6ca65d90d70fee248e4dd8166909389e
SSDEEP
3072:uXpAQlUasEbieV/gltztsCvq2mv0u+EKX9E0JfHIQL:uXtUPvtsyqfCJJH7
Score
10/10
Malware Config
Extracted
Family
icedid
Botnet
2634746917
C2
june85.cyou
golddisco.top
Attributes
auth_var
4
url_path
/audio/
Extracted
Family
icedid
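The extracted configuration above (family, botnet id, two C2 domains and the url_path value) is what an analyst would turn into a network hunt. The script below is an added example written for this page, not part of the sandbox report or of any IcedID tooling. It assumes a simple proxy-style log line of the form "timestamp client method URL" (constructed here, not taken from the report), treats the C2 domains as host suffixes so subdomains also match, and treats url_path as the URI prefix the loader requests; that last reading of url_path is an assumption, the report only lists the value.

```python
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of this report.
ICEDID_CONFIG = {
    "family": "icedid",
    "botnet": "2634746917",
    "c2": ("june85.cyou", "golddisco.top"),
    "url_path": "/audio/",
}

# Constructed log lines (not from the report): "timestamp client method URL".
# Lines 1, 3 and 4 should be flagged as beacons (C2 host + configured path),
# line 2 is a C2 host without the path, line 5 is unrelated traffic that only
# shares the path and must not be flagged.
SAMPLE_LOG = """\
2023-01-25T09:24:01Z 10.0.2.15 GET http://june85.cyou/audio/?id=1
2023-01-25T09:24:05Z 10.0.2.15 GET http://golddisco.top/favicon.ico
2023-01-25T09:24:09Z 10.0.2.15 POST https://golddisco.top/audio/
2023-01-25T09:24:12Z 10.0.2.15 GET http://cdn.june85.cyou/audio/a.bin
2023-01-25T09:24:20Z 10.0.2.15 GET http://example.com/audio/song.mp3
"""


def host_matches(host: str, c2_domains) -> bool:
    """True if host equals a C2 domain or is a subdomain of one (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in c2_domains)


def classify(line: str, config=ICEDID_CONFIG):
    """Return a match record for a log line that touches a configured C2 host, else None."""
    try:
        ts, client, method, url = line.split(maxsplit=3)
    except ValueError:
        return None  # malformed line, skip rather than crash the hunt
    parts = urlsplit(url)
    if not parts.hostname or not host_matches(parts.hostname, config["c2"]):
        return None
    # Path alone is never an indicator; it only upgrades a C2-host hit to a beacon.
    verdict = "c2_beacon" if parts.path.startswith(config["url_path"]) else "c2_host"
    return {
        "ts": ts,
        "client": client,
        "method": method,
        "host": parts.hostname.lower(),
        "path": parts.path,
        "verdict": verdict,
        "botnet": config["botnet"],
    }


def scan(text: str, config=ICEDID_CONFIG):
    """Run classify() over every line and keep the hits, in log order."""
    return [r for r in (classify(l, config) for l in text.splitlines()) if r]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["verdict"], hit["host"], hit["path"])
```

Suffix matching on the host is deliberate: blocking or alerting on the exact domain only would miss a subdomain of the same C2. Conversely, the path is only used to rank hits, because "/audio/" is a common enough prefix that matching on it alone would page on legitimate traffic.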
Signatures
IcedID Second Stage Loader (2 IoCs)
Processes:
resource                                                                      yara_rule
behavioral1/memory/2016-56-0x0000000074E60000-0x0000000074E66000-memory.dmp  IcedidSecondLoader
behavioral1/memory/2016-57-0x0000000074E60000-0x0000000074E9E000-memory.dmp  IcedidSecondLoader

Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
PID 1928 wrote to memory of 2016  1928  rundll32.exe  rundll32.exe
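The two signatures above describe one chain: the rundll32.exe that loaded prob_3.dll (pid 1928) writes seven times into a second rundll32.exe (pid 2016), and the IcedidSecondLoader yara rule then fires on memory dumps taken from pid 2016. The script below is an added example for this page, not report or sandbox code; it parses the report's own rows (the seven WriteProcessMemory lines and the two yara resource paths are copied verbatim, the two extra event lines, a self-write and an explorer.exe write, are constructed so the rule has something to ignore), counts rundll32-to-rundll32 cross-process writes, and keeps only the yara hits whose dump came from a process that another process wrote into. The event and dump-path formats are assumed to be exactly the ones shown in this report.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Seven rows copied from the report, plus two constructed rows (a self-write
# and an explorer.exe -> rundll32.exe write) that the rule must not count.
SAMPLE_EVENTS = """\
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 2016 1928 rundll32.exe rundll32.exe
PID 1928 wrote to memory of 1928 1928 rundll32.exe rundll32.exe
PID 1044 wrote to memory of 1928 1044 explorer.exe rundll32.exe
"""

# Yara hits exactly as the report lists them: (resource path, rule name).
SAMPLE_YARA_HITS = [
    ("behavioral1/memory/2016-56-0x0000000074E60000-0x0000000074E66000-memory.dmp",
     "IcedidSecondLoader"),
    ("behavioral1/memory/2016-57-0x0000000074E60000-0x0000000074E9E000-memory.dmp",
     "IcedidSecondLoader"),
]

EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<src_image>\S+) (?P<dst_image>\S+)$"
)
# <task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp, as in the report.
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


@dataclass(frozen=True)
class MemoryDump:
    task: str
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_events(text: str) -> list:
    """Parse 'PID A wrote to memory of B ...' rows; unparseable rows are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(WriteEvent(int(m["src"]), int(m["dst"]),
                                     m["src_image"].lower(), m["dst_image"].lower()))
    return events


def parse_dump_path(path: str) -> MemoryDump:
    """Turn a memory-dump resource path into its pid and address range."""
    m = DUMP_RE.match(path)
    if not m:
        raise ValueError(f"not a memory dump resource path: {path}")
    return MemoryDump(m["task"], int(m["pid"]), int(m["seq"]),
                      int(m["start"], 16), int(m["end"], 16))


def rundll32_cross_process_writes(events, image: str = "rundll32.exe") -> dict:
    """Count writes from one rundll32.exe into a different rundll32.exe, keyed by (src, dst) pid."""
    return dict(Counter(
        (e.src_pid, e.dst_pid) for e in events
        if e.src_image == image and e.dst_image == image and e.src_pid != e.dst_pid
    ))


def hits_in_written_processes(events, yara_hits) -> list:
    """Keep yara hits whose dump was taken from a process some other process wrote into."""
    targets = {e.dst_pid for e in events if e.src_pid != e.dst_pid}
    out = []
    for path, rule in yara_hits:
        dump = parse_dump_path(path)
        if dump.pid in targets:
            out.append((rule, dump.pid, dump.start, dump.size))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(rundll32_cross_process_writes(evs))
    for hit in hits_in_written_processes(evs, SAMPLE_YARA_HITS):
        print(hit)
```

Two details fall out of the parsed dump paths that the flat report rows hide: both yara hits share the base 0x74E60000, and the second dump covers 0x3E000 bytes against 0x6000 for the first, which is the 24KB and 248KB the Downloads section reports for those files. Requiring the yara pid to be a write target, rather than alerting on the rule alone, ties the unpacked loader to the process that received the cross-process writes.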
Downloads
memory/2016-54-0x0000000000000000-mapping.dmp
memory/2016-55-0x00000000759F1000-0x00000000759F3000-memory.dmp (Filesize 8KB)
memory/2016-56-0x0000000074E60000-0x0000000074E66000-memory.dmp (Filesize 24KB)
memory/2016-57-0x0000000074E60000-0x0000000074E9E000-memory.dmp (Filesize 248KB)