IcedID, BokBot

IcedID is a banking trojan capable of stealing credentials.

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

suricata: ET MALWARE Win32/IcedID Request Cookie

suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request

Downloads MZ/PE file