Overview

overview

10

Static

static

Attachment.jpg.lnk

windows7_x64

3

Attachment.jpg.lnk

windows10-2004_x64

10

z.ps1

windows7_x64

1

z.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    86s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    24-02-2022 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    z.ps1

  • Size

    264KB

  • MD5

    b9942f242fc7a5b191d369d62419427f

  • SHA1

    465d2a92253adda3da9c6141e972bdbb3581fd60

  • SHA256

    4bec4c4012eab37036844348e9d5df6e98e3f9dbd2be3a7b4dfd8ba78e8b5a2e

  • SHA512

    40484368690f992f64ea7b874202b71af278c11f131c5b128b3f8b1b34f93c801d99666466046dd0abf92bfce206d616a6014decf344c499962bb79515cad6f2

Score
10/10
icedid3976801418bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3976801418

C2

blinkenx.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • IcedID First Stage Loader 1 IoCs
    loader
  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\z.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4064-134-0x00007FFC4F683000-0x00007FFC4F685000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4064-135-0x00000232A9430000-0x00000232A9432000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4064-136-0x00000232A9380000-0x00000232A93A2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4064-140-0x00000232A9433000-0x00000232A9435000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4064-141-0x00000232A9436000-0x00000232A9438000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4064-162-0x00000232A9438000-0x00000232A943A000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4064-164-0x00000232C3300000-0x00000232C330B000-memory.dmp

    Filesize

    44KB

    Download