Analysis
-
max time kernel
312s -
max time network
401s -
platform
windows10_x64 -
resource
win10-20220310-en -
submitted
11-03-2022 17:03
General
-
Target
document.lnk
-
Size
2KB
-
MD5
a7ec43a3bd10d95a788f79c20ab8796f
-
SHA1
5c165fedae74c0ef60104772dc82f34520e1ff6f
-
SHA256
a17e32b43f96c8db69c979865a8732f3784c7c42714197091866473bcfac8250
-
SHA512
69eb3fd86ddf68e14f37dc7e862a9accf389b64c2a009c292da324bb63414453b51c6206845a1c364df0658288265a111900bbd09a50a920788dda67ccd6f2b2
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
2401334462
C2
emicthatmov.top
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\document.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start regsvr32.exe main.dll2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe main.dll3⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2740-118-0x0000000000BF0000-0x0000000000BFB000-memory.dmpFilesize
44KB