Overview

overview

10

Static

static

mal_0.bin.dll

windows7_x64

10

mal_0.bin.dll

windows10_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    03/01/2022, 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mal_0.bin.dll

  • Size

    179KB

  • MD5

    11b28ecbd7ade350eee6d25b6fae707c

  • SHA1

    10e85bf7c61223f43d0d2fdebd4c5a35a5156539

  • SHA256

    8578d45fd02aceddc838ff94e21b10a29deb3e2cc92099c9b54802504c88a56a

  • SHA512

    6b27ec9dd3c0dbeae2b14ad927a09f8c6347b2c29ff675859e1a42723b077a8f840d74a292008aa037bc4759350e0f6c5deff7962809847fd1bdcd1041873d97

Score
10/10
icedid2507181075bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

2507181075

C2

vopnoz.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\mal_0.bin.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3192
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3192 -s 540
      2⤵
      • Suspicious use of NtCreateProcessExOtherParentProcess
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3192-115-0x00007FF6D35D0000-0x00007FF6D35D9000-memory.dmp

    Filesize

    36KB

    Download