Analysis
-
max time kernel
4294178s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
12-03-2022 15:46
General
-
Target
2b7fb3f85ce2ac7167e780c8a9f60741d474a3f785e9f564ef0b8b106b733324.dll
-
Size
19KB
-
MD5
7dc7b8135515350b677e2ceefb966c20
-
SHA1
31295fb3590adcc0f58999a972e1ef53520deb3d
-
SHA256
2b7fb3f85ce2ac7167e780c8a9f60741d474a3f785e9f564ef0b8b106b733324
-
SHA512
a33cf4e68845c217bc71fa544e6ef542abd25818f724881f6c8400748927eb224f1f0644860dea65db99ab536d013ef1d1129a77567a822fbe25e5438bdb17cd
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
2401334462
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\2b7fb3f85ce2ac7167e780c8a9f60741d474a3f785e9f564ef0b8b106b733324.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1168 -s 2442⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB