icedid | 939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871 | Triage

Analysis

max time kernel
4294178s
max time network
127s
platform
windows7_x64
resource
win7-20220311-en
submitted
19-03-2022 11:29

Sharing

Report Analysis Logs

General

Target

939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll
Size

326KB
MD5

25da777ea2fa0c4c4b8c63a56cb01260
SHA1

4825ecd5a271db4bb96be50a4a91ae57896b974e
SHA256

939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871
SHA512

50eef55b472325345d9565b47941aa1879e43408352f6cd3c419e8f587f319cce8a54a155f133101f07a1236dc127e01f7409ac52d04b746721e8cd883b28b31

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/956-55-0x00000000748D0000-0x00000000748D9000-memory.dmp	IcedidFirstLoader
behavioral1/memory/956-56-0x00000000748D0000-0x0000000074937000-memory.dmp	IcedidFirstLoader

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 956	892	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\939f3a7451c792fd30d4940bb4e44f78c3ce42522c0f4391efd2ec868bfea871.dll,#1
2⤵
PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/956-55-0x00000000748D0000-0x00000000748D9000-memory.dmp

Filesize
36KB

Download
memory/956-56-0x00000000748D0000-0x0000000074937000-memory.dmp

Filesize
412KB

Download
memory/956-57-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download