General

Target: dd6d136055296abfc6f94c8ae1d039042c603fb1d0938.dll

Filesize: 234KB

Completed: 07-05-2021 16:04

Task: behavioral2

Score: 10/10

MD5: fecf84576b7b6cdc64e5cf839db18c3b

SHA1: 32fffb167d3e20a15731cb137dde2fa2fbc1bdf2

SHA256: dd6d136055296abfc6f94c8ae1d039042c603fb1d0938a75d446c86d1f4636d4

SHA512: 0c7cdf1e70c085306c89d4e577f3492a427082ce73bede460fb80759d3a3b976ea7f666c19f7871b4283788132bd671135933ce7e561da7eb4eec5e50941da3b

Malware Config

Extracted

Family: icedid

Campaign: 3042509645

C2: dsedertyhuiokle.top

Signatures (2)

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses
    regsvr32.exe

    Reported IOCs

    PID  Process
    804  regsvr32.exe
    804  regsvr32.exe
Processes (1)
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd6d136055296abfc6f94c8ae1d039042c603fb1d0938.dll
    Suspicious behavior: EnumeratesProcesses
    PID:804
Network
MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
                          Downloads
                          • memory/804-114-0x0000000001400000-0x0000000001446000-memory.dmp