Analysis

  • max time kernel
    8s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    24-03-2021 20:44

General

  • Target

    d15fd8c40ec6cf42ae42ca9b2d070628d126934dc2358661784669224f922647.dll

  • Size

    52KB

  • MD5

    08a5d2176830db1c0f79a43f8a7055c4

  • SHA1

    ae6679c403b9d1976a49bf217695e7d129509090

  • SHA256

    d15fd8c40ec6cf42ae42ca9b2d070628d126934dc2358661784669224f922647

  • SHA512

    7cee4b8744208a2faf75fe6fd00fc39df4409873992b314b08f998b1bae6dac1ae67eb1b4c93cb002e34222b31770685d57c3967d9a1dbdd19d3e85ce81b28d6

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

feaser2347.club

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d15fd8c40ec6cf42ae42ca9b2d070628d126934dc2358661784669224f922647.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:384

Network

MITRE ATT&CK Matrix

Downloads

  • memory/384-2-0x000007FEFB9D1000-0x000007FEFB9D3000-memory.dmp
    Filesize

    8KB

  • memory/384-3-0x00000000002C0000-0x00000000002C7000-memory.dmp
    Filesize

    28KB