Analysis
-
max time kernel
148s -
max time network
164s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
03-05-2022 20:59
General
-
Target
7441fa2e313bf2a468a7aae0d116a08eccca5664fc305d452cc1407342861c44.dll
-
Size
292KB
-
MD5
400556ebd08172b4c8710928c28cf3e7
-
SHA1
1271634148835b3cdeadca24768ca799979291b2
-
SHA256
7441fa2e313bf2a468a7aae0d116a08eccca5664fc305d452cc1407342861c44
-
SHA512
7edd44d3e84e8fc03f6d7e92e78315820b9554e005fe99ecd8d63509952efe1c4d4beb20ee82ae4a3fa24205dc8afda6dc9737019c27ed0c7a7178c5995eafef
Score
10/10
Malware Config
Extracted
Family
icedid
C2
pashamasha.top
pohindra.online
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
IcedID Second Stage Loader 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7441fa2e313bf2a468a7aae0d116a08eccca5664fc305d452cc1407342861c44.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7441fa2e313bf2a468a7aae0d116a08eccca5664fc305d452cc1407342861c44.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1588-54-0x0000000000000000-mapping.dmp
-
memory/1588-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmpFilesize
8KB
-
memory/1588-56-0x0000000074830000-0x0000000074836000-memory.dmpFilesize
24KB
-
memory/1588-57-0x0000000074830000-0x0000000074884000-memory.dmpFilesize
336KB