Overview

overview

10

Static

static

344c6aed99...9a.dll

windows7_x64

10

344c6aed99...9a.dll

windows10_x64

10

Analysis

  • max time kernel
    82s
  • max time network
    117s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    11-05-2021 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    344c6aed9945a611ec6e8dba62e7c0c4a0bd8ef573acde4498ee946dc5ab0d9a.dll

  • Size

    231KB

  • MD5

    ec44edc07b4a918d8066e51a086a433b

  • SHA1

    7f502df0e3bbb3bad9ace7569c9a1fa61eb16bd2

  • SHA256

    344c6aed9945a611ec6e8dba62e7c0c4a0bd8ef573acde4498ee946dc5ab0d9a

  • SHA512

    6b93c7d8dc0e03e33f03066f2d9057e7b3643632b6b9ec770489ecc2d042781846de6fbd56b74149a0fc326299b63f8ca08e707c004fdf651d4c5565e21b2b24

Score
10/10
icedid1640767800bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

1640767800

C2

jikkiaderwa.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\344c6aed9945a611ec6e8dba62e7c0c4a0bd8ef573acde4498ee946dc5ab0d9a.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3540-114-0x0000000000660000-0x00000000006A6000-memory.dmp

    Filesize

    280KB

    Download