Analysis

  • max time kernel
    4294178s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    29-03-2022 20:58

General

  • Target

    bf5309d3536cb55f8a052ad35576866f.exe

  • Size

    104KB

  • MD5

    bf5309d3536cb55f8a052ad35576866f

  • SHA1

    db0d76c50077280cc66b6d7c0084472575c235f8

  • SHA256

    a1d05aa1324fdc04e7698fbc3a4f212013b2bf7d7531b317d0b76e832d97a841

  • SHA512

    ff06f9b89ca1e886887e5866f90775c2e56701491215e99d933b786ec75758095c00dba22ec5daba5a7ed1bdb3fab415ddb5922715bd3da32e237dca50ada4c8

Malware Config

Extracted

Family

icedid

Campaign

1798566902

C2

rivertimad.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf5309d3536cb55f8a052ad35576866f.exe
    "C:\Users\Admin\AppData\Local\Temp\bf5309d3536cb55f8a052ad35576866f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1808 -s 32
      2⤵
      • Program crash
      PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1684-55-0x0000000000000000-mapping.dmp
  • memory/1808-54-0x0000000140000000-0x000000014000B000-memory.dmp
    Filesize

    44KB