Triage | Behavioral Report

Analysis

max time kernel
139s
max time network
142s
platform
windows10_x64
resource
win10v20210408
submitted
07-05-2021 16:01

Sharing

Report Analysis Logs

General

Target

dd6d136055296abfc6f94c8ae1d039042c603fb1d0938.dll
Size

234KB
MD5

fecf84576b7b6cdc64e5cf839db18c3b
SHA1

32fffb167d3e20a15731cb137dde2fa2fbc1bdf2
SHA256

dd6d136055296abfc6f94c8ae1d039042c603fb1d0938a75d446c86d1f4636d4
SHA512

0c7cdf1e70c085306c89d4e577f3492a427082ce73bede460fb80759d3a3b976ea7f666c19f7871b4283788132bd671135933ce7e561da7eb4eec5e50941da3b

Score

10^/10

icedid 3042509645 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3042509645

C2

dsedertyhuiokle.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

804 regsvr32.exe
804 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd6d136055296abfc6f94c8ae1d039042c603fb1d0938.dll
- Suspicious behavior: EnumeratesProcesses
PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

00:00 00:00

Downloads

memory/804-114-0x0000000001400000-0x0000000001446000-memory.dmp

Filesize
280KB

Download