Analysis

  • max time kernel
    5s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    24-03-2021 19:17

General

  • Target

    4c1d8d024cd5c7de09ded10620371b1c.dll

  • Size

    52KB

  • MD5

    4c1d8d024cd5c7de09ded10620371b1c

  • SHA1

    d622a2598d4801497265f4d545ca73ad75c90470

  • SHA256

    a9ce226a503ab7b3c31d52198eecf8c203e875d2a41f77f143abe26bcd1afe6a

  • SHA512

    1576bfd2eb42d43c504b2c01d7e58dd4240a20541538dad3a0effd85f9abaa666126c5795dc60ff73455f7b0c350341fda4fd615208a9177e5ef4ec25277c849

Malware Config

Extracted

Family

icedid

Campaign

1211238709

C2

feaser2347.club

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials. The signature that fired on this sample is for its first-stage loader, the component that contacts the C2 domain extracted above.

  • IcedID First Stage Loader (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe (PID 1056)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4c1d8d024cd5c7de09ded10620371b1c.dll
    • Suspicious behavior: EnumeratesProcesses
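The process tree above records the loader's whole execution chain: regsvr32.exe run silently (/s) against a DLL dropped in the user's AppData\Local\Temp, followed by the C2 contact whose domain appears in the extracted config. The following is an added example, not part of the sandbox report, of detection logic that covers that chain. It flags the regsvr32 pattern on process-creation events and matches the report's file hashes and C2 domain against DNS and file-hash events, raising severity when the C2 lookup comes from a PID already flagged as a loader. The event records and field names are constructed for the example and are not a real Sysmon or EDR schema; only the IoC values come from the report.

```python
"""Detection for the regsvr32 /s IcedID loader chain recorded in the sandbox report.

Added example (not the sandbox's own code). The event schema below is an
assumption made for the example; the hashes and C2 domain are from the report.
"""
import re
import shlex

# IoCs copied from the report.
SAMPLE_HASHES = {
    "md5": "4c1d8d024cd5c7de09ded10620371b1c",
    "sha1": "d622a2598d4801497265f4d545ca73ad75c90470",
    "sha256": "a9ce226a503ab7b3c31d52198eecf8c203e875d2a41f77f143abe26bcd1afe6a",
}
C2_DOMAINS = {"feaser2347.club"}

# Constructed events (assumed minimal schema). The first process event and the
# first DNS event reproduce what the report shows; the rest are benign noise.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1056, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4c1d8d024cd5c7de09ded10620371b1c.dll"},
    {"type": "process", "pid": 2212, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'regsvr32 /s "C:\Program Files\Vendor\helper.dll"'},
    {"type": "process", "pid": 2300, "image": r"C:\Windows\system32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\Admin\AppData\Local\Temp\notes.txt"},
    {"type": "dns", "pid": 1056, "query": "feaser2347.club"},
    {"type": "dns", "pid": 2300, "query": "update.example.com"},
    {"type": "filehash",
     "path": r"C:\Users\Admin\AppData\Local\Temp\4c1d8d024cd5c7de09ded10620371b1c.dll",
     "sha256": "a9ce226a503ab7b3c31d52198eecf8c203e875d2a41f77f143abe26bcd1afe6a"},
]

# A DLL under a user's AppData\Local\Temp, i.e. a user-writable drop location.
USER_TEMP_DLL = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def is_silent_regsvr32_from_temp(event):
    """True when regsvr32.exe registers a DLL from a user Temp directory with /s.

    Both conditions are required on purpose: regsvr32 /s on vendor DLLs under
    Program Files is routine installer behaviour and would be pure noise.
    """
    if event.get("type") != "process":
        return False
    if not event["image"].lower().endswith(r"\regsvr32.exe"):
        return False
    # posix=False keeps Windows backslashes intact; quoted paths keep their quotes.
    args = [a.strip('"') for a in shlex.split(event["cmdline"], posix=False)]
    silent = any(a.lower() in ("/s", "-s") for a in args[1:])
    dlls = [a for a in args[1:] if a.lower().endswith(".dll")]
    return silent and any(USER_TEMP_DLL.match(p) for p in dlls)


def match_iocs(event):
    """Return the reasons this event matches a report IoC (empty list if none)."""
    hits = []
    if event.get("type") == "dns" and event["query"].lower().rstrip(".") in C2_DOMAINS:
        hits.append(f"dns query for IcedID C2 {event['query']}")
    if event.get("type") == "filehash":
        for algo, digest in SAMPLE_HASHES.items():
            if event.get(algo, "").lower() == digest:
                hits.append(f"{algo} matches IcedID loader sample ({event['path']})")
    return hits


def scan(events):
    """Run both checks over an event stream; returns (severity, pid, reason) tuples.

    A C2 or hash hit tied to a PID already flagged as a loader is raised to
    'high', which is exactly the chain the sandbox recorded for PID 1056.
    """
    alerts = []
    loader_pids = set()
    for ev in events:
        if is_silent_regsvr32_from_temp(ev):
            loader_pids.add(ev["pid"])
            alerts.append(("medium", ev["pid"],
                           "silent regsvr32 load of DLL from user Temp: " + ev["cmdline"]))
        for reason in match_iocs(ev):
            severity = "high" if ev.get("pid") in loader_pids else "medium"
            alerts.append((severity, ev.get("pid"), reason))
    return alerts


if __name__ == "__main__":
    for severity, pid, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] pid={pid}: {reason}")
```

On the constructed stream this yields three alerts: the regsvr32 load for PID 1056, the C2 lookup from the same PID raised to high, and a medium hash match on the dropped DLL. The path check is intentionally narrow (AppData\Local\Temp only); widening it to other user-writable directories such as Downloads or Public is a tuning decision for the environment, as is adding the MD5/SHA1 values to whatever hash your endpoint telemetry actually records.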

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1056-2-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp
    Filesize

    8KB

  • memory/1056-3-0x0000000000130000-0x0000000000137000-memory.dmp
    Filesize

    28KB