Analysis

  • max time kernel
    5s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    06-05-2021 18:26

General

  • Target

    36919e6f27708c1fb53a693e7e6dd14fa8c0bd119825e.dll

  • Size

    231KB

  • MD5

    6a8b0d96b3d8236e46e04538bb7314d7

  • SHA1

    2a93bb52744ec63a8defcc9f7036ebcf36ad98f8

  • SHA256

    36919e6f27708c1fb53a693e7e6dd14fa8c0bd119825e4eaa7a442b33a5dc5b2

  • SHA512

    efd04dbc9fef097c8edc85bf82c74584c2018731ff26d20b75ebe0de5c5d24dd0bba7a95806945e68675805447304a9ca11e1505e34b34048388fcf6e49247c1

Malware Config

Extracted

  • Family
    icedid
  • Campaign
    1640767800
  • C2
    jikkiaderwa.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\36919e6f27708c1fb53a693e7e6dd14fa8c0bd119825e.dll
    PID: 1496
    • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1496-60-0x000007FEFC051000-0x000007FEFC053000-memory.dmp
    Filesize
    8KB
  • memory/1496-61-0x00000000001D0000-0x0000000000216000-memory.dmp
    Filesize
    280KB