Overview

overview

10

Static

static

nivude1.dll

windows7_x64

10

nivude1.dll

windows10_x64

1

Analysis

  • max time kernel
    56s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    24-11-2020 15:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nivude1.dll

  • Size

    105KB

  • MD5

    3ab20b297e3b7fd853b7544c5ad3f142

  • SHA1

    37a2f9bdd672de1bfe7d55ac4b4c42ef9c63af83

  • SHA256

    f25862e2ae2bc1af4a3117c22317abac677b278645135013cdd43e47868d536b

  • SHA512

    0a32cae98c84f22739dce64e3200201acfd6799c5c289e92449014daa172a996a3186bdb8329d950ca271257abb23b36bb0b30ffabeb4c419b215e071ae1bef7

Score
10/10
icedidbankertrojan

Malware Config

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Core Payload 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\nivude1.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\nivude1.dll
      2⤵
        PID:1664

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1664-0-0x0000000000000000-mapping.dmp
      Download
    • memory/1664-1-0x0000000002D00000-0x0000000002DA6000-memory.dmp
      Filesize

      664KB

      Download