Analysis

  • max time kernel
    4294180s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    19-03-2022 21:49

General

  • Target

    4cd93797e162d5ae1940d4f754552ee9cf597f8aff9f667b2bfeae0e63168bd5.dll

  • Size

    177KB

  • MD5

    5df7b2447c58d5b45c2842b02854391b

  • SHA1

    d65b7b7a2f83cddf3a2b3ce048acaf4f2ee2aa37

  • SHA256

    4cd93797e162d5ae1940d4f754552ee9cf597f8aff9f667b2bfeae0e63168bd5

  • SHA512

    25fbce62e93cd1fd35467467195c55ed006b9c40fc7828bf029c68aa138acf14f0064815e60540426e99472c554903404eaeb0943fe9d96fc0b33e5eb4627308

Malware Config

Extracted

Family

icedid

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4cd93797e162d5ae1940d4f754552ee9cf597f8aff9f667b2bfeae0e63168bd5.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\4cd93797e162d5ae1940d4f754552ee9cf597f8aff9f667b2bfeae0e63168bd5.dll
      2⤵
        PID:1772

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1772-55-0x0000000076AC1000-0x0000000076AC3000-memory.dmp

      Filesize

      8KB

    • memory/1772-56-0x0000000075040000-0x0000000075049000-memory.dmp

      Filesize

      36KB

    • memory/1808-54-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

      Filesize

      8KB