Analysis
-
max time kernel
117s -
max time network
123s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
10-02-2022 10:45
General
-
Target
3.dll
-
Size
569KB
-
MD5
eda4e741af2c0316ee18ad2651059d92
-
SHA1
5bd12244ddb2e6fde14bc67a66ef8d287e37a0d1
-
SHA256
50165bf93643c3ee448eb480217442f19567918b7ea98722bb404e7fea558a2b
-
SHA512
6268417a843c9a815fa49c1ed41a8736669f4ad47314a84b67c8eb70843b041b8925b839ec557315f576e603c8bef63664c7ac0d3fc06378a13d7c8f09489d55
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3825802847
C2
cleverballs.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\3.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 964 -s 2442⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/268-56-0x0000000001D20000-0x0000000001D21000-memory.dmpFilesize
4KB
-
memory/964-53-0x000007FEFB711000-0x000007FEFB713000-memory.dmpFilesize
8KB
-
memory/964-54-0x0000000000120000-0x000000000012F000-memory.dmpFilesize
60KB