Overview

overview

10

Static

static

30f81b3c11...85.dll

windows7_x64

10

30f81b3c11...85.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    4294223s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    19-03-2022 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30f81b3c11852fd03be50bc823241194fa0bc30c5f978b82bab5903361812c85.dll

  • Size

    152KB

  • MD5

    6bb4267b2fa66d9c21e4da4c3910cb8b

  • SHA1

    4d42447ecf663d022ee0b326ed5527d819bdd314

  • SHA256

    30f81b3c11852fd03be50bc823241194fa0bc30c5f978b82bab5903361812c85

  • SHA512

    efb6a259a87e0651584af08a78696a34da5848e584bae542094ba9eb99502b1063e5656e16379bc6c6affeb3cf6aaf18a83eba635f5c149a6c5d6323427d2f74

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

marcingranio.cyou

marzingranocny.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\30f81b3c11852fd03be50bc823241194fa0bc30c5f978b82bab5903361812c85.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:696
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\30f81b3c11852fd03be50bc823241194fa0bc30c5f978b82bab5903361812c85.dll
      2⤵
        PID:1076

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/696-54-0x000007FEFBF51000-0x000007FEFBF53000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1076-55-0x0000000076851000-0x0000000076853000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1076-56-0x0000000074B20000-0x0000000074B26000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1076-57-0x0000000074B20000-0x0000000074B5F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1076-58-0x0000000000170000-0x00000000001F0000-memory.dmp

      Filesize

      512KB

      Download