Analysis

  • max time kernel
    129s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    19-03-2022 16:17

General

  • Target

    a174a9aa2b27b3b2ad8e4d493ecc785245e0bba9411c116395be62c23be3388c.dll

  • Size

    217KB

  • MD5

    14ec40d516f74cf7ce9b9d3f00e316f5

  • SHA1

    6d8408be726557bebee5e68c35288cb5ef11ada8

  • SHA256

    a174a9aa2b27b3b2ad8e4d493ecc785245e0bba9411c116395be62c23be3388c

  • SHA512

    bfb00c20a811584ccdc442ec5748ef076fab4fb97287d84625e089e931099e90b78116591d880f84c2d492b94410448874fa99a9308fd360b491813dd09b0962

Malware Config

Extracted

Family

icedid

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a174a9aa2b27b3b2ad8e4d493ecc785245e0bba9411c116395be62c23be3388c.dll
    PID: 3776
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (child process)
      /s C:\Users\Admin\AppData\Local\Temp\a174a9aa2b27b3b2ad8e4d493ecc785245e0bba9411c116395be62c23be3388c.dll
      PID: 2528

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2528-135-0x0000000000B90000-0x0000000000B91000-memory.dmp
    Filesize: 4KB

  • memory/2528-134-0x0000000074EC0000-0x0000000074F06000-memory.dmp
    Filesize: 280KB

  • memory/2528-136-0x0000000074EC0000-0x0000000074EC9000-memory.dmp
    Filesize: 36KB