Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    06-05-2021 18:26

General

  • Target
    36919e6f27708c1fb53a693e7e6dd14fa8c0bd119825e.dll
  • Size
    231KB
  • MD5
    6a8b0d96b3d8236e46e04538bb7314d7
  • SHA1
    2a93bb52744ec63a8defcc9f7036ebcf36ad98f8
  • SHA256
    36919e6f27708c1fb53a693e7e6dd14fa8c0bd119825e4eaa7a442b33a5dc5b2
  • SHA512
    efd04dbc9fef097c8edc85bf82c74584c2018731ff26d20b75ebe0de5c5d24dd0bba7a95806945e68675805447304a9ca11e1505e34b34048388fcf6e49247c1

Malware Config

Extracted

  • Family
    icedid
  • Campaign
    1640767800
  • C2
    jikkiaderwa.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\36919e6f27708c1fb53a693e7e6dd14fa8c0bd119825e.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3872

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3872-114-0x00000000025A0000-0x00000000025E6000-memory.dmp
    Filesize

    280KB