Overview

overview

10

Static

static

280e6951e8...93.dll

windows7_x64

10

280e6951e8...93.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    280e6951e877b078877f203f95d746e901bb05a8da57a6402f98859d72069693.dll

  • Size

    185KB

  • MD5

    6aab62cb31a02543cf3a1be0fa25c8c8

  • SHA1

    63b07c2d67b6c8f67499b8c5554949a9a8cce703

  • SHA256

    280e6951e877b078877f203f95d746e901bb05a8da57a6402f98859d72069693

  • SHA512

    f1a4363775bd02aafd8ac75a88678c55e3687000c3a23ea726ee6632f0672d4b301b6d2ee1db7256dedfd8364fffdb24ad7cf6bbd36f6888db2a52c879e32358

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

june85.cyou

golddisco.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\280e6951e877b078877f203f95d746e901bb05a8da57a6402f98859d72069693.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3768
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\280e6951e877b078877f203f95d746e901bb05a8da57a6402f98859d72069693.dll,#1
      2⤵
        PID:3784
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:396

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    2
    T1012

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3784-130-0x0000000000000000-mapping.dmp
      Download
    • memory/3784-131-0x0000000075010000-0x0000000075016000-memory.dmp
      Filesize

      24KB

      Download
    • memory/3784-132-0x0000000075010000-0x000000007504E000-memory.dmp
      Filesize

      248KB

      Download