Analysis
-
max time kernel
42s -
max time network
103s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
04-05-2022 17:00
General
-
Target
6557f5eecf1df5c7835d2ed88f99b52503873c6307b946b15d81a1e5a885c87a.dll
-
Size
490KB
-
MD5
ccc7f68d2dbd6801dde30ff57e5c0c2b
-
SHA1
3899e2803ec9666b17684d1cd42931bb55a8f9e1
-
SHA256
6557f5eecf1df5c7835d2ed88f99b52503873c6307b946b15d81a1e5a885c87a
-
SHA512
26c47fec58849d42b107ee9ba7c1b3326aee5339d3865e1d795dff596dc4a1458a480d4dd884306a4e884ef033240c6269cad4461d283cfb9a5bf2d703ce234f
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3467965077
C2
firenicatrible.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\6557f5eecf1df5c7835d2ed88f99b52503873c6307b946b15d81a1e5a885c87a.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1948 -s 2442⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1204-56-0x0000000000000000-mapping.dmp
-
memory/1948-54-0x000007FEFBEF1000-0x000007FEFBEF3000-memory.dmpFilesize
8KB
-
memory/1948-55-0x00000000003C0000-0x00000000003CE000-memory.dmpFilesize
56KB