Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2024 05:09
Static task
static1: 1 signatures

Behavioral tasks
Task         Sample          Resource                 Platform             Signatures    Runtime
behavioral1  core.bat        win7-20240903-en         windows7-x64         3 signatures  150 seconds
behavioral2  core.bat        win10v2004-20241007-en   windows10-2004-x64   3 signatures  150 seconds
behavioral3  disagree_.dll   win7-20240729-en         windows7-x64         2 signatures  150 seconds
behavioral4  disagree_.dll   win10v2004-20241007-en   windows10-2004-x64   2 signatures  150 seconds
General
Target: core.bat
Size: 186B
MD5: cb539d823a0cb6aaf97acca94e99a744
SHA1: 35b2bca0ed8d2379ab12e3e493b37aa919d87f56
SHA256: c83d581e5dd4eaa0b5977de0b256eed18f2d41d51d94cd8bb63945659bfdb084
SHA512: a8155122e35a1bccaf9a62b4fb132961694d02db8a8f5608f5332e48355f2fdf4a43c0c97a39d25ce5a4a3e6aa95d7fb1b28396dd0d4dc1b2802d605b0f49d2e
Score: 10/10
Malware Config
Extracted
Family: icedid
Botnet: 3036889562
C2: stooryallice.com, yellowpyrrol.com
Attributes:
  auth_var: 1
  url_path: /news/
Signatures
Icedid family
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process   procid_target
PID 2488 wrote to memory of 1628   2488  cmd.exe   32
PID 2488 wrote to memory of 1628   2488  cmd.exe   32
PID 2488 wrote to memory of 1628   2488  cmd.exe   32