Overview

overview

10

Static

static

75aa737c57...9e.dll

windows7_x64

10

75aa737c57...9e.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    160s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75aa737c57170f7fbe485ffcdb1cfd3e850f28470085725800f8cb173231ab9e.dll

  • Size

    625KB

  • MD5

    f446cbf6a507d8d40677b846671a85ab

  • SHA1

    48a13826bd7e3ba6a24abadcf3ae4dcfcdd09d43

  • SHA256

    75aa737c57170f7fbe485ffcdb1cfd3e850f28470085725800f8cb173231ab9e

  • SHA512

    cf41217e8ebf8dd4707db07759e67bcce4af3cd87228d11c5645b7df97b342a419ff0050ec1d65a1ec01467c80d32acfc1ebe60249d94809711d9164feaf0b03

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

flathommy.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • Blocklisted process makes network request 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\75aa737c57170f7fbe485ffcdb1cfd3e850f28470085725800f8cb173231ab9e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\75aa737c57170f7fbe485ffcdb1cfd3e850f28470085725800f8cb173231ab9e.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:3264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3264-130-0x0000000000000000-mapping.dmp
    Download
  • memory/3264-131-0x00000000747E0000-0x00000000747E6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/3264-132-0x00000000747E0000-0x0000000074D81000-memory.dmp
    Filesize

    5.6MB

    Download