Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    11-05-2022 05:49

General

  • Target

    3cbc08dc4f11379f6e080a7b6dad3e2f7c53202e08f461100f4ce4f5b869811a_unpacked.dll

  • Size

    13KB

  • MD5

    f425f1defd562e22a3a62fb5bc141cb1

  • SHA1

    d7bfce77cad7d605e35538c2501a522015e3e3c2

  • SHA256

    63770070208c532df8a7d41a391faff7c5280814bebd13b0b935f0fa80fc8e27

  • SHA512

    693385bea3207cb2d3eaca0b57c46f70e9ded1b9abc1dc490cee0ca63921abcb37ae95f9b2023e00acbc754cbff781632dccba0629efd8141642e6818d3d354a

Malware Config

Extracted

Family

icedid

Campaign

3000901376

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3cbc08dc4f11379f6e080a7b6dad3e2f7c53202e08f461100f4ce4f5b869811a_unpacked.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1528-54-0x000007FEFC3E1000-0x000007FEFC3E3000-memory.dmp

    Filesize

    8KB