Analysis

max time kernel:  31s
max time network: 34s
platform:         windows7_x64
resource:         win7-20230220-en
resource tags:    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted:        13-03-2023 16:29
Static task: static1

Behavioral task: behavioral1
  Sample:   hockey32.dll
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample:   hockey32.dll
  Resource: win10v2004-20230220-en

Behavioral task: behavioral3
  Sample:   run.bat
  Resource: win7-20230220-en

Behavioral task: behavioral4
  Sample:   run.bat
  Resource: win10v2004-20230221-en
General

Target: run.bat
Size:   53B
MD5:    af3982e63bd6117a6da9735eaf3961c3
SHA1:   81e9edb76f4dd178df7c0d79a0a1cbc875b0113f
SHA256: fb31610299ecc6455c4832c8d355b08d9cdeb57ebf3f780e376feaf6956739b8
SHA512: 6d2216f375cd42ec2fa1559f487b410ba90b0514ab74c9678ef4f71d28c64444679ba45d27e11267f596ef390f881dfb1f5c6c159e53f63a16418736ee9f87fa
Malware Config

Extracted:
  icedid
  998075300
  blomskavino.com
  alishaskainz.com
  auth_var: 22
  url_path: /news/
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process   target process
  PID 1768 wrote to memory of 848    1768  cmd.exe   rundll32.exe
  PID 1768 wrote to memory of 848    1768  cmd.exe   rundll32.exe
  PID 1768 wrote to memory of 848    1768  cmd.exe   rundll32.exe
Downloads

  memory/848-54-0x0000000180000000-0x0000000180005000-memory.dmp   Filesize: 20KB
  memory/848-59-0x0000000180000000-0x0000000180005000-memory.dmp   Filesize: 20KB
  memory/848-58-0x0000000180000000-0x0000000180005000-memory.dmp   Filesize: 20KB
  memory/848-60-0x0000000000100000-0x0000000000101000-memory.dmp   Filesize: 4KB