Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10_x64

10

unveilx64.tmp.dll

windows7_x64

10

unveilx64.tmp.dll

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    02-12-2021 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    unveilx64.tmp.dll

  • Size

    266KB

  • MD5

    3ae61ec5765cc564636444ef50074090

  • SHA1

    ad6cda28825457fa1768aaec6bb4971214cc5508

  • SHA256

    2c2552940a660ce57eb5527be40f4f139dbf862306cf08c90743a9f22d2cb15e

  • SHA512

    28d374770b8099d7e25473a88fbd06cc44b1f03cf818504d643b1fe5951bb9761630dde9691bfc5d2fbaf56368fa4010d7b5108d1d8148d20cc712555cee6464

Score
10/10
icedid1892568649bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\unveilx64.tmp.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3664-118-0x0000000001200000-0x0000000001263000-memory.dmp
    Filesize

    396KB

    Download