icedid | 034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-04-2022 09:42

Sharing

Report Analysis Logs

General

Target

034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll
Size

185KB
MD5

e58ddf98177c97259920dce7c84a32cc
SHA1

a805db2a378e6f43456f7f1a5818aade13446a2c
SHA256

034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a
SHA512

9da3259c64fe875af06d3367194b9158d13e54ab4df027cda8c0ad9606a72629d7677acb711c69567e61f4bb0be20219082d6e172d4e1e01895db10629e23f17

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

june85.cyou

golddisco.top

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1524-56-0x0000000075460000-0x0000000075466000-memory.dmp	IcedidSecondLoader
behavioral1/memory/1524-57-0x0000000075460000-0x000000007549E000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 1524	736	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\034b320baf14ce7c3c2d1b891ece94e5e51d5d4c1ec1ac672e7ae50c419df03a.dll,#1
2⤵
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1524-54-0x0000000000000000-mapping.dmp

Download
memory/1524-55-0x0000000076851000-0x0000000076853000-memory.dmp

Filesize
8KB

Download
memory/1524-56-0x0000000075460000-0x0000000075466000-memory.dmp

Filesize
24KB

Download
memory/1524-57-0x0000000075460000-0x000000007549E000-memory.dmp

Filesize
248KB

Download