Analysis
-
max time kernel
198s -
max time network
219s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
19-05-2022 11:16
General
-
Target
nerol3.dll
-
Size
634KB
-
MD5
da15f2de43f2df16ea07adf3b2424bac
-
SHA1
44c7d4abd240045e79ce9add5a84fbf07033e3f7
-
SHA256
e8159b1cc7d56945d77037837be466a7363a7963d1256e9acbcdd6e0e0806899
-
SHA512
357981c9dd9faa5326d653eccfebeb54b59f9a2abfc3e0e4bf63032ee982d83bc94c5a5225a1ce8d483d18cf3b72050e696c90bf6ce02fc5bcbec3a46c853384
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3118344709
C2
speratinda.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\nerol3.dll,#11⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe nerol3.dll,PluginInit2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2280-130-0x0000000000000000-mapping.dmp
-
memory/2280-131-0x0000000180000000-0x0000000180009000-memory.dmpFilesize
36KB