Analysis
-
max time kernel
4294212s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
24-03-2022 19:22
General
-
Target
01fcd9b0a5316bd432dc7e889a07fbfed672f4121c6be1d97c7dc29a6a4ebaf4.dll
-
Size
208KB
-
MD5
56ff3fa59ad51e68f27a7fc8dac0764f
-
SHA1
9e78f1745c92cb28de9cca746180f0dac7244edc
-
SHA256
01fcd9b0a5316bd432dc7e889a07fbfed672f4121c6be1d97c7dc29a6a4ebaf4
-
SHA512
9b10788340238ae7bc0cf9dc64e9aac7ce6bef2a335bf0283c949f81f477b9c44fc0dcf2b54c9f0b485a5c12e6d0fe5a5ea61695dae088097248f0f8736d3dbb
Score
10/10
Malware Config
Extracted
Family
icedid
C2
rockercastle.best
moviecastle.club
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
IcedID Second Stage Loader 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\01fcd9b0a5316bd432dc7e889a07fbfed672f4121c6be1d97c7dc29a6a4ebaf4.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\01fcd9b0a5316bd432dc7e889a07fbfed672f4121c6be1d97c7dc29a6a4ebaf4.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/856-54-0x0000000000000000-mapping.dmp
-
memory/856-55-0x0000000075CA1000-0x0000000075CA3000-memory.dmpFilesize
8KB
-
memory/856-56-0x0000000074AC0000-0x0000000074AC6000-memory.dmpFilesize
24KB
-
memory/856-57-0x0000000074AC0000-0x0000000074B06000-memory.dmpFilesize
280KB