Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
25-05-2022 21:53
General
-
Target
b4a0138a637e4f800e62d91923dc7f77809ab6bf8f27d621502cbe82b06db485.dll
-
Size
13KB
-
MD5
e67a59efdb77392a37fdfc2c37db1391
-
SHA1
5599ea9e45eaeae3985bda51e35befc6c78cc098
-
SHA256
b4a0138a637e4f800e62d91923dc7f77809ab6bf8f27d621502cbe82b06db485
-
SHA512
e96cef3386767f2a00dd066f7646487a69be87388c7a1e468bb05b45ecd9172031ff87f9286545ae2bab70818e33ead255ebf63f37af97d9370320791519f961
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
168463318
rsa_pubkey.plain
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\b4a0138a637e4f800e62d91923dc7f77809ab6bf8f27d621502cbe82b06db485.dll1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1900-54-0x000007FEFC061000-0x000007FEFC063000-memory.dmpFilesize
8KB
-
memory/1900-55-0x0000000000120000-0x0000000000179000-memory.dmpFilesize
356KB