Analysis
-
max time kernel
4294178s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
30-03-2022 00:17
General
-
Target
ed8c7d85f22fbb139b20f21cde9431e063db2cfa2b29dd3ac6a2ab7586c988fe.dll
-
Size
346KB
-
MD5
71a11d2f8242a2ef3ba2420f163eba0d
-
SHA1
d040c1633eba01dbd75b2f6dad3da677480984e8
-
SHA256
ed8c7d85f22fbb139b20f21cde9431e063db2cfa2b29dd3ac6a2ab7586c988fe
-
SHA512
6c8f5a1564f9579ccf7732a107847c01e16631e60ba108a846296039fadb6670ce530e3ac28d77a9706146734587f0c09a9949fd2140f535af50de1b10528975
Score
10/10
Malware Config
Extracted
Family
icedid
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
IcedID First Stage Loader 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\ed8c7d85f22fbb139b20f21cde9431e063db2cfa2b29dd3ac6a2ab7586c988fe.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\ed8c7d85f22fbb139b20f21cde9431e063db2cfa2b29dd3ac6a2ab7586c988fe.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1824-55-0x0000000000000000-mapping.dmp
-
memory/1824-56-0x0000000075E61000-0x0000000075E63000-memory.dmpFilesize
8KB
-
memory/1824-57-0x0000000074340000-0x0000000074346000-memory.dmpFilesize
24KB
-
memory/1860-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmpFilesize
8KB