Overview

overview

10

Static

static

2d1655895c...46.dll

windows7_x64

10

2d1655895c...46.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-02-2022 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d1655895c0dde4bc010c51b9b878c46.dll

  • Size

    570KB

  • MD5

    2d1655895c0dde4bc010c51b9b878c46

  • SHA1

    fb73914210b56c020a816325b3a5adb185e8f3ee

  • SHA256

    0f5fbad82dae02e2a48775762f8ff0eb067eb4f81ce637607ac893d4e0c613b3

  • SHA512

    08947de9e604fde5ef451302ba0591999aa864f96577986cdeebe2f9325e2f936940deb413bf872c94e9007c9997fd036f25a30208f763cfd163860b624aeed1

Score
10/10
icedid1117948791bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

1117948791

C2

reseptors.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d1655895c0dde4bc010c51b9b878c46.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1880 -s 284
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1380-57-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1880-54-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1880-55-0x0000000000130000-0x000000000013E000-memory.dmp

    Filesize

    56KB

    Download