Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    05-05-2021 14:02

General

  • Target

    f6cbdf9232d177bbfa27bcd8d464379d.dll

  • Size

    86KB

  • MD5

    f6cbdf9232d177bbfa27bcd8d464379d

  • SHA1

    935e7713d6a2c51125e1035188cef4e1e052608e

  • SHA256

    e12a6841c7c44aa23530e348c6768d74a817e9c101e37907ed8956d392011a36

  • SHA512

    fcd03923cdbf330aabe5fc7de48e98b46258978095ed0e6bc0494d04da1d696637037a6e50e949e88d19e039466ba505170646b1aa569b881f96d04a4091f30d

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    3717128962

  • C2

    usaaforced.fun

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f6cbdf9232d177bbfa27bcd8d464379d.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:1268

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1268-59-0x000007FEFB991000-0x000007FEFB993000-memory.dmp

    Filesize

    8KB

  • memory/1268-60-0x00000000002B0000-0x00000000002B7000-memory.dmp

    Filesize

    28KB