Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
22-12-2024 07:16
Static task
static1
Behavioral task
behavioral1
Sample
90b03e7552b681f57da3cfffcb727b2d1f2d0167f4b5840f44f9a4b634c5b463.dll
Resource
win7-20240903-en
General
-
Target
90b03e7552b681f57da3cfffcb727b2d1f2d0167f4b5840f44f9a4b634c5b463.dll
-
Size
311KB
-
MD5
09af28d254a6e9c3191476fbc254e8f3
-
SHA1
d1df6b470c454692077701749069b90c14e4236a
-
SHA256
90b03e7552b681f57da3cfffcb727b2d1f2d0167f4b5840f44f9a4b634c5b463
-
SHA512
4ea6539b9e8e93219b00ce808a31a10618a163d19e4f113d81d586d9fec738d69122a3c1bc851c3a0b8db789f231d49ed563bbba7daac40bd0583f68e25593c5
-
SSDEEP
6144:6imJfMEFIRoFCjNnvtRjI2TP1AWSKC248yYJxmyu6UDn:LmJ08ImopLLP1AZrH8yYJxmyu6UD
Malware Config
Extracted
icedid
Signatures
-
Icedid family
-
IcedID Second Stage Loader 2 IoCs
resource yara_rule behavioral2/memory/2588-1-0x00000000753C0000-0x0000000075425000-memory.dmp IcedidSecondLoader behavioral2/memory/2588-2-0x00000000753C0000-0x0000000075425000-memory.dmp IcedidSecondLoader -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4016 wrote to memory of 2588 4016 regsvr32.exe 83 PID 4016 wrote to memory of 2588 4016 regsvr32.exe 83 PID 4016 wrote to memory of 2588 4016 regsvr32.exe 83
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\90b03e7552b681f57da3cfffcb727b2d1f2d0167f4b5840f44f9a4b634c5b463.dll1⤵
- Suspicious use of WriteProcessMemory
PID:4016 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\90b03e7552b681f57da3cfffcb727b2d1f2d0167f4b5840f44f9a4b634c5b463.dll2⤵
- System Location Discovery: System Language Discovery
PID:2588
-