Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    11-05-2021 10:36

General

  • Target

    43557e1330e200583d0d833b7e18d7e708a3c0c2c36fe36dfec079ac3338676f.dll

  • Size

    231KB

  • MD5

    ca59f54a3c5ab7ab707c7bd266afedea

  • SHA1

    0e1c6dc17ec72f269ee3b2602d99d024184b47d6

  • SHA256

    43557e1330e200583d0d833b7e18d7e708a3c0c2c36fe36dfec079ac3338676f

  • SHA512

    770da21c8d737b532217f9e239d55a68c4c83ed571aec724e952999dd0398aeec5bd662b72f782d471e14db9e563e37ac606cb343d6ae97600aa5476383fd7ee

Malware Config

Extracted

Family

icedid

Campaign

1640767800

C2

jikkiaderwa.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\43557e1330e200583d0d833b7e18d7e708a3c0c2c36fe36dfec079ac3338676f.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1756-59-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

    Filesize

    8KB

  • memory/1756-60-0x0000000000330000-0x0000000000376000-memory.dmp

    Filesize

    280KB