Resubmissions
25-02-2022 13:47
220225-q324rsgce5 1025-02-2022 13:42
220225-qz4hesgcd7 125-02-2022 07:59
220225-jvqbnsgfen 1024-02-2022 18:59
220224-xm42radec7 1Analysis
-
max time kernel
4294298s -
max time network
299s -
platform
windows7_x64 -
resource
win7-20220223-en -
submitted
25-02-2022 07:59
General
-
Target
data.dll
-
Size
635KB
-
MD5
037108e76aea0fb082896b0dfa806a8a
-
SHA1
cc1035bbb80813ba53ae7ad74b8649a4c696e9a1
-
SHA256
90c29a66209be554dfbd2740f6a54d12616da35d0e5e4af97eb2376b9d053457
-
SHA512
ebb5fb84a4a1e654de8f7d38dc22d0586266ae58baee9304cd290ba34bcdf8328c7c3c0c243bc996e5e6134fa3aa0948bfc8651259fd3f258722e0da525d9971
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
952864090
C2
biglaneat.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\data.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1940 -s 2602⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1400-57-0x0000000001DE0000-0x0000000001DE1000-memory.dmpFilesize
4KB
-
memory/1940-54-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmpFilesize
8KB
-
memory/1940-55-0x00000000001A0000-0x00000000001AB000-memory.dmpFilesize
44KB