Overview

overview

10

Static

static

data.dll

windows7_x64

10

data.dll

windows10_x64

10

Analysis

  • max time kernel
    88s
  • max time network
    1820s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    23-02-2022 00:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    data.dll

  • Size

    381KB

  • MD5

    d836f259c55c465bc4926c7b77ea2d40

  • SHA1

    dbd0d4e336360b92312801475d476020637e0cca

  • SHA256

    d4dd79d6d15a6d347984e79644c25063d3b12d9cd37e2d5dd4d587747330e54b

  • SHA512

    e4d9b98dec5b39483ad87417ac991bbf1e06ec81b7bf1499fcb48fcb7781fbb9420d8c80a4b7897d03f0780e4ca3c0bc364b174d002a41001e94dcbbaa96ea25

Score
10/10
icedid936086471bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

936086471

C2

reseptors.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\data.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1848
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4040
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1140
      • C:\Windows\system32\regsvr32.exe
        regsvr32 data.dll
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1848-172-0x0000000001310000-0x000000000131B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4040-119-0x000002BBF5A90000-0x000002BBF5AB2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4040-129-0x000002BBF59A0000-0x000002BBF59A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4040-128-0x00007FF9AD813000-0x00007FF9AD814000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4040-130-0x000002BBF59A3000-0x000002BBF59A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4040-143-0x000002BBF67A0000-0x000002BBF67DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4040-154-0x000002BBF6CF0000-0x000002BBF6D66000-memory.dmp

    Filesize

    472KB

    Download