Analysis

  • max time kernel
    39s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    24-03-2021 18:10

General

  • Target
    17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9adf342fc9a3bf927715.dll
  • Size
    79KB
  • MD5
    035dc493eaabdb0cdeafadfacbe192c1
  • SHA1
    b0d47193f9c52f791733d8f1a39a76379e105598
  • SHA256
    17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9adf342fc9a3bf927715
  • SHA512
    f3bb0046b7753f84b5ce1a2440abdfe5c2919db11604801b891fff485fdb41de031cf338223a88075ba055de04ffc41463a57ecad6e06d2639a4b58ac1d61d59

Malware Config

Extracted

  • Family
    icedid
  • Campaign
    1211238709
  • C2
    912caporers.fun

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17e8d92687f4274fc75cf77c2a571401b7c1fd29e3fa9adf342fc9a3bf927715.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:2008

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2008-2-0x000007FEFB891000-0x000007FEFB893000-memory.dmp
    Filesize: 8KB
  • memory/2008-3-0x00000000003B0000-0x00000000003B7000-memory.dmp
    Filesize: 28KB