Overview

overview

10

Static

static

Fromware.dll.4.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-04-2022 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fromware.dll.4.dll

  • Size

    1000KB

  • MD5

    72e3a54ef288d301e51c7e962ffc8213

  • SHA1

    1f2ee2dcc17aeb3fd60baee69540ca73e135bc85

  • SHA256

    44cc69061248ec0671ce9462c4561bd376f1b14c3f8f9b1d9ca94918cd96cb21

  • SHA512

    f0e5e083c48483af8d5690a20c9cef9033257d08df23b84636c3bc49478fe51b94635f122b5e54540bfde1e6d508fa40e49ee5103d6970651ca57d44956ae8c6

Score
10/10
icedid3864687680bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3864687680

C2

yellwells.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fromware.dll.4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\system32\rundll32.exe
      rundll32 C:\Users\Admin\pycharmer.dll,PluginInit
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3168
    • C:\Windows\system32\rundll32.exe
      rundll32 C:\Users\Admin\pycharmer.dll,PluginInit
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\pycharmer.dll
    Filesize

    121KB

    MD5

    fa9c59738cf8c143009085696f9a0921

    SHA1

    84d295c6f2cb9b01c6c536bd629322c0bc5b5100

    SHA256

    aa99a141a4d0529c799bd2feef7bc86b2b227cf53c30e8a1ba1a4aae136a0d15

    SHA512

    cb96b31d860488d2dfcf4842ab3073b01280649a12297a720378fe4ca97dc1073ce6f8cd528212eab50abb571850031d2422a6a374cd7e587fa8b3b7bed13484

    Download Submit
  • C:\Users\Admin\pycharmer.dll
    Filesize

    121KB

    MD5

    fa9c59738cf8c143009085696f9a0921

    SHA1

    84d295c6f2cb9b01c6c536bd629322c0bc5b5100

    SHA256

    aa99a141a4d0529c799bd2feef7bc86b2b227cf53c30e8a1ba1a4aae136a0d15

    SHA512

    cb96b31d860488d2dfcf4842ab3073b01280649a12297a720378fe4ca97dc1073ce6f8cd528212eab50abb571850031d2422a6a374cd7e587fa8b3b7bed13484

    Download Submit
  • C:\Users\Admin\pycharmer.dll
    Filesize

    121KB

    MD5

    fa9c59738cf8c143009085696f9a0921

    SHA1

    84d295c6f2cb9b01c6c536bd629322c0bc5b5100

    SHA256

    aa99a141a4d0529c799bd2feef7bc86b2b227cf53c30e8a1ba1a4aae136a0d15

    SHA512

    cb96b31d860488d2dfcf4842ab3073b01280649a12297a720378fe4ca97dc1073ce6f8cd528212eab50abb571850031d2422a6a374cd7e587fa8b3b7bed13484

    Download Submit
  • memory/3168-130-0x0000000000000000-mapping.dmp
    Download
  • memory/3168-135-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download
  • memory/4772-131-0x0000000000000000-mapping.dmp
    Download