Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-02-2022 18:06

General

  • Target
    076da05987d7b49eaf6a5ba599117839.dll
  • Size
    559KB
  • MD5
    076da05987d7b49eaf6a5ba599117839
  • SHA1
    ca04036a3c15b57dd89421b265705f01aaa10c5a
  • SHA256
    841c94ef717b5fd39ee1bfe6cd80700080174b598376a6a393d0d36cac777f13
  • SHA512
    05e881a2ca730d55e130e45d981e80cfc7378753d6fe3ade62f3e7b949d9dab45dfa4d06d19e83995e81b9aabec516984795165f60a3bfaaaa5b09b2023c4cb5

Malware Config

  • Extracted
    Family: icedid
    Campaign: 1117948791
    C2: reseptors.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\076da05987d7b49eaf6a5ba599117839.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1540 -s 284
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:332

Network

MITRE ATT&CK Matrix

Downloads

  • memory/332-57-0x0000000001F20000-0x0000000001F21000-memory.dmp
    Filesize: 4KB
  • memory/1540-54-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp
    Filesize: 8KB
  • memory/1540-55-0x0000000000130000-0x000000000013E000-memory.dmp
    Filesize: 56KB