Overview

overview

10

Static

static

ebe23f49.jpg.dll

windows7_x64

10

ebe23f49.jpg.dll

windows10_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    29-10-2020 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebe23f49.jpg.dll

  • Size

    130KB

  • MD5

    307baee7a6a0611d7fe8e0100f0c5004

  • SHA1

    df4454ee7b9bfe9cd139838b16b97e044b6ed0cb

  • SHA256

    8d4a19f6f6bea669bd04e5934f483d03a538dccc070a05269a8375315ae01562

  • SHA512

    9805d17c899c72a58217ed7fa84953f35e5a59f20d2f315c1583b4fe4c9bcde5b71e293c3e64a307686c290ad033182a616a759e7fd23c200f19e9e536d1a7e8

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

stryjerefer.buzz

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ebe23f49.jpg.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\ebe23f49.jpg.dll
      2⤵
        PID:1936

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1936-0-0x0000000000000000-mapping.dmp
      Download
    • memory/1936-1-0x0000000000210000-0x0000000000218000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1936-2-0x0000000000260000-0x0000000000266000-memory.dmp
      Filesize

      24KB

      Download