Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    26-11-2021 04:43

General

  • Target

    0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2.dll

  • Size

    171KB

  • MD5

    89d96985d6cb448bcc7c55065ce94810

  • SHA1

    7354192276c40b7e8fb2e756cb76b4377f94c312

  • SHA256

    0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2

  • SHA512

    d165f992921d9ed3cb47e65c4bb6c30556c43f80ce6e74fbfddab03c7c365c3bba518e0e471499908f2eff252129e157c9922803220940fe2e940c3f8550ef39

Malware Config

Extracted

Family

icedid

Campaign

3122682570

C2

iningsessi.ink

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0e242002e3e8597334cefd90e4a46bb68c528d5642ad4b39e9163a5134be3ac2.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1376-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

    Filesize

    8KB

  • memory/1376-56-0x0000000000410000-0x0000000000473000-memory.dmp

    Filesize

    396KB