Analysis

  • max time kernel
    4294218s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    19-03-2022 13:12

General

  • Target

    bde2484fa3891b6b76039fb19e90102ca67fdae7c9de2a6a4bec34ba340c70d6.dll

  • Size

    251KB

  • MD5

    348575b34fadd6b1196a1c7cb0659b2c

  • SHA1

    cb719b86267c1198573a0d9c383dd60d35469e2a

  • SHA256

    bde2484fa3891b6b76039fb19e90102ca67fdae7c9de2a6a4bec34ba340c70d6

  • SHA512

    ed67c1be12814ca5cb5d9dc299e8d168a2ab4b9c0ee0300a30093794b51cf9b9af4024f272634d05c8d9e858e887d030f0758b5f10ac44c4ee9527175aaed2fd

Malware Config

Extracted

  • Family
    icedid
  • C2
    asewter.site
    armyguerro.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bde2484fa3891b6b76039fb19e90102ca67fdae7c9de2a6a4bec34ba340c70d6.dll
    • Suspicious use of WriteProcessMemory
    PID: 2032
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\bde2484fa3891b6b76039fb19e90102ca67fdae7c9de2a6a4bec34ba340c70d6.dll
      PID: 2000

Downloads

  • memory/2000-55-0x0000000075801000-0x0000000075803000-memory.dmp
    Filesize
    8KB
  • memory/2000-56-0x0000000074FC0000-0x0000000075019000-memory.dmp
    Filesize
    356KB
  • memory/2000-57-0x0000000000170000-0x00000000001F0000-memory.dmp
    Filesize
    512KB
  • memory/2000-58-0x0000000074FC0000-0x0000000074FC6000-memory.dmp
    Filesize
    24KB
  • memory/2032-54-0x000007FEFC411000-0x000007FEFC413000-memory.dmp
    Filesize
    8KB