Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    24-11-2021 17:28

General

  • Target

    78059dd2dce93a6e0680eead8d21922f5ab8dfeea5de690563f42af9f9beab51.dll

  • Size

    106KB

  • MD5

    f5700af8aedfaf85d7872daef5b8715a

  • SHA1

    558d0f8580141a46cd95ae1577f0d9e87b3ce8d9

  • SHA256

    78059dd2dce93a6e0680eead8d21922f5ab8dfeea5de690563f42af9f9beab51

  • SHA512

    7422e591616f66d578d7c59e0c14c6674181da75fe0e37f942adc51c1027ed38b8cae3eaf4fb71c820b5845366c731d7ea6435563417ece85edbbe40a55d8203

Malware Config

Extracted

Family

icedid

Campaign

629506243

C2

lascakatheather.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\78059dd2dce93a6e0680eead8d21922f5ab8dfeea5de690563f42af9f9beab51.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:1520

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1520-55-0x000007FEFBAB1000-0x000007FEFBAB3000-memory.dmp
    Filesize

    8KB

  • memory/1520-56-0x00000000001A0000-0x00000000001FB000-memory.dmp
    Filesize

    364KB