Overview

overview

10

Static

static

40383cb8cf...07.dll

windows7_x64

10

40383cb8cf...07.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    172s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-05-2022 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40383cb8cf53f8b9baa508c7e5a7872121d84832131a77107e997cece72e9507.dll

  • Size

    287KB

  • MD5

    283001766ef46c1740ee882afcdbfdca

  • SHA1

    8ebeed9b7f198979a4700a0f406050c1d32d3c2d

  • SHA256

    40383cb8cf53f8b9baa508c7e5a7872121d84832131a77107e997cece72e9507

  • SHA512

    bf3cc6e35c3347ce631bf25a2d9499a02e1fb8449784ecfbf0e6d84433262c33a3e53c79f6f1b22d44bfc6449050488db28840580f6450acf1591edaa47f863d

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

loadpascal.asia

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\40383cb8cf53f8b9baa508c7e5a7872121d84832131a77107e997cece72e9507.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\40383cb8cf53f8b9baa508c7e5a7872121d84832131a77107e997cece72e9507.dll,#1
      2⤵
        PID:3456

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3456-130-0x0000000000000000-mapping.dmp
      Download
    • memory/3456-131-0x0000000075360000-0x0000000075405000-memory.dmp
      Filesize

      660KB

      Download
    • memory/3456-132-0x0000000075360000-0x0000000075366000-memory.dmp
      Filesize

      24KB

      Download