Analysis
- max time kernel: 201s
- max time network: 256s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 06-01-2024 02:33
Static task: static1
Behavioral task: behavioral1 (Sample: CLICK-TO-OPEN.lnk, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: CLICK-TO-OPEN.lnk, Resource: win10v2004-20231215-en)
Behavioral task: behavioral3 (Sample: eos.bat, Resource: win7-20231215-en)
Behavioral task: behavioral4 (Sample: eos.bat, Resource: win10v2004-20231215-en)
Behavioral task: behavioral5 (Sample: quo.dll, Resource: win7-20231215-en)
Behavioral task: behavioral6 (Sample: quo.dll, Resource: win10v2004-20231215-en)
General
- Target: eos.bat
- Size: 57B
- MD5: f793cf6f248d7b407b027d259c59b37d
- SHA1: 1a0f964d0917e0ff2a29d7aaca10d5fcbb7782e4
- SHA256: c92e52a9eacc81fc69848d88977218bf8fea3da929b5d7d4d32061cb10cdc10f
- SHA512: ade2f276ab6194fe7f29b9a884b1996ea063bf9e8352c5c94b40a67fa9196def15af9d49a2c1b4ec35c5dd1a009be5ffcda0729caed2c36f20134fc26fbe226e
Malware Config
Extracted
icedid
2478295045
mistulinno.com
Signatures
-
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  pid   process
  2872  rundll32.exe
  2872  rundll32.exe
  2872  rundll32.exe
  2872  rundll32.exe
  2872  rundll32.exe
  2872  rundll32.exe
  1268
  1268
-
Suspicious behavior: MapViewOfSection (1 IoC)
Processes:
  pid   process
  2872  rundll32.exe
-
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid   process
  2872  rundll32.exe
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process   target process
  PID 1940 wrote to memory of 2872   1940  cmd.exe   rundll32.exe
  PID 1940 wrote to memory of 2872   1940  cmd.exe   rundll32.exe
  PID 1940 wrote to memory of 2872   1940  cmd.exe   rundll32.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\eos.bat"
  - Suspicious use of WriteProcessMemory
  PID: 1940
  - C:\Windows\system32\rundll32.exe
    rundll32 "quo.amet" scab /k lomburd924
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of SetWindowsHookEx
    PID: 2872