Analysis
max time kernel: 150s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-03-2024 21:13

Static task: static1 (signatures: 1)
Behavioral task: behavioral1
Sample: 98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll
Resource: win7-20240221-en (windows7-x64)
signatures: 3
run time: 150 seconds
General
Target: 98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll
Size: 108KB
MD5: 69ea2a59a9b647a323fda98fdce6f977
SHA1: dadaa5977b73957bc6046a7caba9d06ebf55bc75
SHA256: 98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32
SHA512: b093ce66a0f7e8d6b0ab8db725de4a80b24090fde30f5747cfebf55870c6913f2831a3ddba0edf86c6fe1826e8d35fffc34466abe135f525aed258b13b649db8
SSDEEP: 1536:nrMmn5iWp5sYUmPqzksTqB/mLfFTtQ+zHB9MU:nA25iYe2aYKfFi+zHvMU

Malware Config
Extracted
Family: icedid
Signatures
- IcedID Second Stage Loader (1 IoCs)
  Processes:
  resource | yara_rule
  behavioral2/memory/552-0-0x0000000010000000-0x0000000010022000-memory.dmp | IcedidSecondLoader
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1252 wrote to memory of 552 | 1252 | rundll32.exe | rundll32.exe
  PID 1252 wrote to memory of 552 | 1252 | rundll32.exe | rundll32.exe
  PID 1252 wrote to memory of 552 | 1252 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll,#1