Overview

overview

10

Static

static

135b57e035...8b.dll

windows7_x64

10

135b57e035...8b.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    4294177s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    07-03-2022 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    135b57e035af5443eefdf0295d4ce484f3c457e998b31d68475f967bd7987f8b.dll

  • Size

    226KB

  • MD5

    f11d36af7de031ec74c1dc88463fbcc8

  • SHA1

    d60350b69f6793c228132b0b3f6a5d9d5741f5e8

  • SHA256

    135b57e035af5443eefdf0295d4ce484f3c457e998b31d68475f967bd7987f8b

  • SHA512

    b4e5bf681c7624622cd937258af9b6465b837b89c12be3fa552103e4cd1744f2fd57ef7a63ecdbd2bc25e1c63fd174d91ed6fe41446bb712dde7010e69c35dd5

Score
10/10
icedidbankerloadertrojan

Malware Config

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\135b57e035af5443eefdf0295d4ce484f3c457e998b31d68475f967bd7987f8b.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:308
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\135b57e035af5443eefdf0295d4ce484f3c457e998b31d68475f967bd7987f8b.dll
      2⤵
        PID:1712

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/308-54-0x000007FEFB871000-0x000007FEFB873000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1712-55-0x0000000074E31000-0x0000000074E33000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1712-56-0x0000000074430000-0x000000007447C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1712-57-0x0000000000180000-0x0000000000181000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1712-58-0x0000000074430000-0x0000000074436000-memory.dmp
      Filesize

      24KB

      Download