Analysis
-
max time kernel
126s -
max time network
122s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
16-02-2022 13:48
General
-
Target
HUBzaedwKZmf.dll
-
Size
815KB
-
MD5
cbe01f7b59cb028d55e02e2a91277820
-
SHA1
479c7c4c5fb5a1d6de5f3d0f648afff6ed3120d8
-
SHA256
acede4e871ff7ebeda48cd568f8761e7129ed6f596cccbbdce7634e58ecbd7e8
-
SHA512
722a4b458d8d5c4776d0a2f49861c92fe6268ee40efd775744e123fdfec97c8b75ed6781b84b47f5f0f407251518fc88b3b289d77cf98632cfff1c9c48449a65
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3417632220
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\HUBzaedwKZmf.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1516 -s 2442⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
56KB