Analysis

  • max time kernel: 151s
  • max time network: 166s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220113
  • submitted: 19-02-2022 18:06

General

  • Target: 076da05987d7b49eaf6a5ba599117839.dll
  • Size: 559KB
  • MD5: 076da05987d7b49eaf6a5ba599117839
  • SHA1: ca04036a3c15b57dd89421b265705f01aaa10c5a
  • SHA256: 841c94ef717b5fd39ee1bfe6cd80700080174b598376a6a393d0d36cac777f13
  • SHA512: 05e881a2ca730d55e130e45d981e80cfc7378753d6fe3ade62f3e7b949d9dab45dfa4d06d19e83995e81b9aabec516984795165f60a3bfaaaa5b09b2023c4cb5

Malware Config

Extracted

  • Family: icedid
  • Campaign: 1117948791
  • C2: reseptors.com

Signatures

  • IcedID, BokBot
    IcedID is a banking trojan capable of stealing credentials.
  • suricata: ET MALWARE Win32/IcedID Request Cookie
  • Drops file in Windows directory (6 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe (PID: 2256)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\076da05987d7b49eaf6a5ba599117839.dll
    • Suspicious behavior: EnumeratesProcesses
  • C:\Windows\system32\svchost.exe (PID: 4604)
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken

Network

Downloads

  • memory/2256-133-0x0000000003090000-0x000000000309E000-memory.dmp (Filesize: 56KB)
  • memory/4604-130-0x0000020733D60000-0x0000020733D70000-memory.dmp (Filesize: 64KB)
  • memory/4604-131-0x0000020734320000-0x0000020734330000-memory.dmp (Filesize: 64KB)
  • memory/4604-132-0x0000020736990000-0x0000020736994000-memory.dmp (Filesize: 16KB)