Verdict: Malicious

Classifications: Downloader

Threat Names: C2/Generic-A IcedID

Dynamic Analysis Report

Created on 2022-08-11T23:24:42+00:00

8cd135e5b49d16aceb7665b6316cd4df2e132ef503ff0af51c080bad7010efd6.exe.dll

Windows DLL (x86-64)

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "10 seconds" to "10.0 milliseconds" to reveal dormant functionality.

Files

File Name: C:\Users\RDhJ0CNFevzX\Desktop\8cd135e5b49d16aceb7665b6316cd4df2e132ef503ff0af51c080bad7010efd6.exe.dll
Category: Sample File
Type: Binary
Verdict: Malicious

MIME Type: application/vnd.microsoft.portable-executable
File Size: 352.00 KB
MD5: 363777daf36e9534762d30bd4bf22c74
SHA1: ea94d9afd355dd23a069f21b3562d85a4266da4f
SHA256: 8cd135e5b49d16aceb7665b6316cd4df2e132ef503ff0af51c080bad7010efd6
SSDeep: 6144:RYCYa6MfAcSlE+S0fzAMJfWpKd5WhAl7CJDZ/PeHbUhHTmGPqG7s6FmlEHKiTd:SCwMfjSlE+A4eguRJDtPZIG46FkEH9
ImpHash: -
PE Information

Image Base: 0x180000000
Size Of Code: 0x00057800
Size Of Initialized Data: 0x00000400
File Type: IMAGE_FILE_DLL
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type: IMAGE_FILE_MACHINE_AMD64
Compile Timestamp: 2022-08-11 11:52 (UTC+2)
Sections (3)

Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                                           Entropy
.text   0x180001000      0x00057714    0x00057800     0x00000400       IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ  4.65
.rdata  0x180059000      0x0000017D    0x00000200     0x00057C00       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ             4.44
.rsrc   0x18005A000      0x000001E0    0x00000200     0x00057E00       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ             4.72
Exports (15)

API Name            EAT Address  Ordinal
JfUksQmDGYQRSQfC    0x00009422   0x00000002
MVeMOgOlu           0x000098FA   0x00000003
OnqcowdLVOpj        0x0000986E   0x00000004
aXXRQNg             0x00009BEE   0x00000005
agetCYHzlW          0x00009487   0x00000006
bbMIBZKkpJrSw       0x0000976D   0x00000007
nvWxVSzNIh          0x00009532   0x00000008
onXyNAQeqW          0x00009B56   0x00000009
qBYCIPM             0x00009D39   0x0000000A
raiafa              0x00009A6F   0x0000000B
ryiLrNIWKPUxQAhG    0x000096EA   0x0000000C
tndPRjog            0x0000944D   0x0000000D
vGGAkgKOkEwmNdGA    0x000095F0   0x0000000E
zBiUZzLtC           0x000099C1   0x0000000F
ztyasufasklfmjnaks  0x0000105E   0x00000001
File Name: 92e4bcc9d85220f941eac6090cb30ebce298894f48fd1d0782ddd60211fb8d12
Category: Downloaded File
Type: HTML
Verdict: Clean

MIME Type: text/html
File Size: 268 Bytes
MD5: e40772bc81a0d2e8943d46942a2aa1d1
SHA1: 048148737005e97f2e647b9c0f20dcd0adffbff0
SHA256: 92e4bcc9d85220f941eac6090cb30ebce298894f48fd1d0782ddd60211fb8d12
SSDeep: 6:4WKn0+D4UzxUObR/HO6mbetsndzRx3G0CezoSHsRWVBFABFEcXas8:4b0+9zxUeRZYetsndzRxGezDHsuBLmaj
ImpHash: -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided. The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.