Overview

overview

10

Static

static

invoice_101.iso

windows10_x64

3

document.lnk

windows10_x64

10

main.dll

windows10_x64

10

Analysis

  • max time kernel
    312s
  • max time network
    401s
  • platform
    windows10_x64
  • resource
    win10-20220310-en
  • submitted
    11-03-2022 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    document.lnk

  • Size

    2KB

  • MD5

    a7ec43a3bd10d95a788f79c20ab8796f

  • SHA1

    5c165fedae74c0ef60104772dc82f34520e1ff6f

  • SHA256

    a17e32b43f96c8db69c979865a8732f3784c7c42714197091866473bcfac8250

  • SHA512

    69eb3fd86ddf68e14f37dc7e862a9accf389b64c2a009c292da324bb63414453b51c6206845a1c364df0658288265a111900bbd09a50a920788dda67ccd6f2b2

Score
10/10
icedid2401334462bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\document.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start regsvr32.exe main.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Windows\system32\regsvr32.exe
        regsvr32.exe main.dll
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2740

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2740-118-0x0000000000BF0000-0x0000000000BFB000-memory.dmp

    Filesize

    44KB

    Download