Analysis
-
max time kernel
150s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
18-04-2022 13:32
General
-
Target
a972a8ae782932ebf6e10c05670ccc188610155609a18a184de1f51cab710b74.dll
-
Size
185KB
-
MD5
b675121a49abe071f9717615e929bb76
-
SHA1
cce9c2e53b85cfb72607d2ad208b864800b26448
-
SHA256
a972a8ae782932ebf6e10c05670ccc188610155609a18a184de1f51cab710b74
-
SHA512
0cb33bb7ecb6e2009739847bdb6d9eeae47014da80771eb7f1f292bbb4aca3d1fc8c1a3a88e36d7dfedbcce8c084b0e1796ffab5e69ff47d4567c3f9324991e1
Score
10/10
Malware Config
Extracted
Family
icedid
C2
june85.cyou
golddisco.top
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
IcedID Second Stage Loader 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a972a8ae782932ebf6e10c05670ccc188610155609a18a184de1f51cab710b74.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a972a8ae782932ebf6e10c05670ccc188610155609a18a184de1f51cab710b74.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1924-54-0x0000000000000000-mapping.dmp
-
memory/1924-55-0x0000000075B61000-0x0000000075B63000-memory.dmpFilesize
8KB
-
memory/1924-56-0x0000000075140000-0x0000000075146000-memory.dmpFilesize
24KB
-
memory/1924-57-0x0000000075140000-0x000000007517E000-memory.dmpFilesize
248KB