Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
17-02-2022 10:59
General
-
Target
bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281.dll
-
Size
552KB
-
MD5
791779361e8db64ec7fbeb8b82d68ce7
-
SHA1
8632bff9f308fa57ae5bd1aad56b5ec8ff91f466
-
SHA256
bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281
-
SHA512
da4b1b98c6d190311cc5df10c91560a2818d8aa1707d9d77a8fe4275d99766ff29f3d39588b200986f3d0e5eb001a72b5b459f1e95e1e34d875ceb531d6079b4
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
412701809
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281.dll1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1504-114-0x0000000000E30000-0x0000000000E3F000-memory.dmpFilesize
60KB