Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    21-10-2020 00:08

General

  • Target

    wNkeO.txt.dll

  • Size

    210KB

  • MD5

    93c7f5c0ad790f0cd530e1e3c6d9d296

  • SHA1

    d0ce5a5c0aac2aad937a903d004017f04e4bfd1c

  • SHA256

    5069c3e89ab5e79ff53991f175ff2f113c147c7351beda4e52374fae4f90853c

  • SHA512

    c5fcb473498d963587c841735c088f1166116d123042bab05f70bb05f58c08b18200ff635ecc139a0b16afed3b922f7ef9843a2289a1a61c01003b22785ca0d0

Malware Config

Extracted

Family

icedid

Campaign

1949629567

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\wNkeO.txt.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\wNkeO.txt.dll,#1
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:3956

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3956-0-0x0000000000000000-mapping.dmp