Overview

overview

10

Static

static

7760b32aad...5e.dll

windows7_x64

1

7760b32aad...5e.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    18-04-2022 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e.dll

  • Size

    219KB

  • MD5

    f5f8b92ca19e43e9893315104b473892

  • SHA1

    97c1abd2e97ed3116d26ead856ab296ec9e298cb

  • SHA256

    7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e

  • SHA512

    541039d91d5b3c1a918f3c17aa4b338d211c7e45b48ced020d89d6fa159614b83f91b5c8cd7ba4f4ede46938f05018c12ecc06f1e320fd52e1684607b4a86b77

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

pashamasha.top

pohindra.online

propellerregis.top

reerwheels.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\7760b32aad54f7651898185b00c88b86717299f5b73be10df14fb748c1a1e35e.dll
      2⤵
        PID:924

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/924-130-0x0000000000000000-mapping.dmp
      Download
    • memory/924-131-0x0000000010000000-0x000000001004B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/924-132-0x0000000010000000-0x0000000010006000-memory.dmp
      Filesize

      24KB

      Download