Overview

overview

10

Static

static

602401d67b...21.dll

windows7_x64

10

602401d67b...21.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    4294179s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    30-03-2022 00:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    602401d67bdfeb52272b4efb68ce04ecdb64899fc80c3becca7af2be720f7b21.dll

  • Size

    346KB

  • MD5

    ab202b9a0ba99317d3e694895386bfc7

  • SHA1

    dfa69c460e20615192212cc781c6a6011190c310

  • SHA256

    602401d67bdfeb52272b4efb68ce04ecdb64899fc80c3becca7af2be720f7b21

  • SHA512

    863814222aea2310240a5febbcdf15f769079ab143262cfeae2b794a851df90162045bde5669747c6b3fc35330463840b2b26253bab28d59f1c4c76572a154ab

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 1 IoCs
    loader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\602401d67bdfeb52272b4efb68ce04ecdb64899fc80c3becca7af2be720f7b21.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\602401d67bdfeb52272b4efb68ce04ecdb64899fc80c3becca7af2be720f7b21.dll
      2⤵
        PID:1824

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1100-54-0x000007FEFB561000-0x000007FEFB563000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1824-55-0x0000000000000000-mapping.dmp
      Download
    • memory/1824-56-0x0000000074F31000-0x0000000074F33000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1824-57-0x0000000074100000-0x0000000074106000-memory.dmp
      Filesize

      24KB

      Download