Overview

overview

10

Static

static

5a07bc16a6...2d.dll

windows7_x64

10

5a07bc16a6...2d.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    15-02-2022 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a07bc16a6c1039b8f45bee3738abae9b22a109efdfc4dc64366a4c1f7367a2d.dll

  • Size

    560KB

  • MD5

    61d99bdf6682fdc017e7dcd0b65cf5f8

  • SHA1

    68d7d45f4a63f3f49c7f7297f33894a74905769c

  • SHA256

    5a07bc16a6c1039b8f45bee3738abae9b22a109efdfc4dc64366a4c1f7367a2d

  • SHA512

    bf1225a2f6383e799663fc9e6c5d82e6f72c471e1d54d99ff30787b40e62b94362a06712f78ad5b25b321f9af8f439998139ff52e086e9c37dbb3dfb2623fbcc

Score
10/10
icedid3384076982bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

3384076982

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5a07bc16a6c1039b8f45bee3738abae9b22a109efdfc4dc64366a4c1f7367a2d.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1192 -s 244
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1176-58-0x0000000000510000-0x0000000000511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1192-55-0x000007FEFBD71000-0x000007FEFBD73000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1192-56-0x0000000000120000-0x000000000012F000-memory.dmp

    Filesize

    60KB

    Download