Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
12-04-2023 21:29
Static task
static1
Behavioral task
behavioral1
Sample
awake32.dll
Resource
win7-20230220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
awake32.dll
Resource
win10v2004-20230221-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
run.bat
Resource
win7-20230220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
run.bat
Resource
win10v2004-20230220-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
run.bat
-
Size
52B
-
MD5
0d05c5d81313dc589b57df12401e6688
-
SHA1
44f72793d2490dc34e728450df342cbe4cbebd74
-
SHA256
45ea9ebc1d93a95f935a90c0d113bd85fbe7db040aaa6692b22594a669c6b973
-
SHA512
56e9e9e52f1db72f32bd5079500e3af3b04662c8a0e0b2e9d2b93023d260eeaab42512f7ecd76a4e8a9a318fd07471ccbbc241fb8777a98472da9ad238554a6c
Score
10/10
Malware Config
Extracted
Family
icedid
Botnet
2646410796
C2
abigelofraj.com
yhorneedminf.com
Attributes
-
auth_var
16
-
url_path
/news/
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exedescription pid process target process PID 1560 wrote to memory of 1528 1560 cmd.exe rundll32.exe PID 1560 wrote to memory of 1528 1560 cmd.exe rundll32.exe PID 1560 wrote to memory of 1528 1560 cmd.exe rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1528-59-0x0000000000110000-0x0000000000115000-memory.dmpFilesize
20KB
-
memory/1528-58-0x0000000000110000-0x0000000000115000-memory.dmpFilesize
20KB
-
memory/1528-54-0x0000000000110000-0x0000000000115000-memory.dmpFilesize
20KB
-
memory/1528-60-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB