Overview

overview

10

Static

static

720df95ad8...2c.dll

windows7_x64

10

720df95ad8...2c.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    4294206s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    07-03-2022 10:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    720df95ad8c9e735994996b4f2f7e0722f0962bc429b6da34596713d3f02732c.dll

  • Size

    199KB

  • MD5

    6b2b44d68c394560e08edfc615e53ef1

  • SHA1

    c8dde11b1047d257bb823cb75af22932f0074ad7

  • SHA256

    720df95ad8c9e735994996b4f2f7e0722f0962bc429b6da34596713d3f02732c

  • SHA512

    92e9c495725011d38bb87a1938515a720e86d7dfdb93563999a721a40bbba8991c3a43ccdf937a86377b4c31679191f4c3d5b0fdfb09b3588e2b5621f0fb033b

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

rockercastle.best

moviecastle.club

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\720df95ad8c9e735994996b4f2f7e0722f0962bc429b6da34596713d3f02732c.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\720df95ad8c9e735994996b4f2f7e0722f0962bc429b6da34596713d3f02732c.dll
      2⤵
        PID:2044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1208-54-0x000007FEFB7A1000-0x000007FEFB7A3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2044-55-0x00000000753E1000-0x00000000753E3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2044-56-0x0000000074360000-0x00000000743AA000-memory.dmp
      Filesize

      296KB

      Download
    • memory/2044-57-0x0000000000200000-0x0000000000201000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2044-58-0x0000000074360000-0x0000000074366000-memory.dmp
      Filesize

      24KB

      Download