Analysis

  • max time kernel
    7s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    06-05-2021 17:02

General

  • Target

    b1b2f07c3591c95c15323a819077fb06.dll

  • Size

    41KB

  • MD5

    b1b2f07c3591c95c15323a819077fb06

  • SHA1

    033abd9bef9cbfb0a0697cd3a0d33e3489c82926

  • SHA256

    0031ebaf8613ea25a949b6da84414169ff96172207d29741eadc3907e869fc17

  • SHA512

    cb29ad44b85eb37ecc5b8844da102240175f388ad004c2599e24a4044578982861ede66d4f3aa99931ffff01ea3dd82934862a5cccd14a92ee94fd1930e899d8

Malware Config

Extracted

Family

icedid

Campaign

2941843931

C2

dsedertyhuiokle.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b1b2f07c3591c95c15323a819077fb06.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/684-60-0x000007FEFB9F1000-0x000007FEFB9F3000-memory.dmp
    Filesize

    8KB

  • memory/684-61-0x0000000000420000-0x000000000046D000-memory.dmp
    Filesize

    308KB