Analysis
max time kernel: 121s
max time network: 124s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 03-02-2023 03:38
Static task: static1
Behavioral task: behavioral1
  Sample: RunDLL-1.bat
  Resource: win10-20220812-en (windows10-1703-x64)
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: RunDLL-1.bat
  Resource: win7-20221111-en (windows7-x64)
  4 signatures, 150 seconds
General
Target: RunDLL-1.bat
Size: 27B
MD5: fe56021fdf990bbd7922f23124604fbb
SHA1: 1f2b32b3d4820d3037ed8b60f1f59b9a4430937e
SHA256: cd00124e4f9c80290906da4c71a96cfb011e0e91ed93c0740bfa7ab9cdb03002
SHA512: de1e958a9791734211bcbe4ee4004c9475a8cbc3221b4cc0daa8283c832192896ae33e8ce043b7e65dca52628efd73e42095bf01a07dbb91ad056f5c3e2c5aae
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 2255569783
Signatures

Blocklisted process makes network request (3 IoCs)
Processes: rundll32.exe
  flow  pid   process
  2     4116  rundll32.exe
  7     4116  rundll32.exe
  8     4116  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
  pid   process
  4116  rundll32.exe
  4116  rundll32.exe

Suspicious use of WriteProcessMemory (2 IoCs)
Processes: cmd.exe
  description                       pid   process  target process
  PID 5104 wrote to memory of 4116  5104  cmd.exe  rundll32.exe
  PID 5104 wrote to memory of 4116  5104  cmd.exe  rundll32.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\RunDLL-1.bat"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe NmClt.bin,init
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses