Analysis
max time kernel: 133s
max time network: 138s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 03-02-2023 03:38
Static task: static1
Behavioral task: behavioral1
  Sample: RunDLL-1.bat
  Resource: win10-20220812-en (windows10-1703-x64)
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: RunDLL-1.bat
  Resource: win7-20221111-en (windows7-x64)
  4 signatures, 150 seconds
General
Target: RunDLL-1.bat
Size: 27B
MD5: fe56021fdf990bbd7922f23124604fbb
SHA1: 1f2b32b3d4820d3037ed8b60f1f59b9a4430937e
SHA256: cd00124e4f9c80290906da4c71a96cfb011e0e91ed93c0740bfa7ab9cdb03002
SHA512: de1e958a9791734211bcbe4ee4004c9475a8cbc3221b4cc0daa8283c832192896ae33e8ce043b7e65dca52628efd73e42095bf01a07dbb91ad056f5c3e2c5aae
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 2255569783
Signatures
- Blocklisted process makes network request (3 IoCs)
  Processes: rundll32.exe
  flow  pid   process
  2     1696  rundll32.exe
  4     1696  rundll32.exe
  5     1696  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: rundll32.exe
  pid   process
  1696  rundll32.exe
  1696  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description                        pid   process  target process
  PID 1532 wrote to memory of 1696   1532  cmd.exe  rundll32.exe
  PID 1532 wrote to memory of 1696   1532  cmd.exe  rundll32.exe
  PID 1532 wrote to memory of 1696   1532  cmd.exe  rundll32.exe
Processes
C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\RunDLL-1.bat"
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\rundll32.exe
    rundll32.exe NmClt.bin,init
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses