Analysis
-
max time kernel
33s -
max time network
40s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
31-05-2022 07:34
General
-
Target
6295c4fe148ad.dll
-
Size
480KB
-
MD5
3f7a7b648363742a6498588e338ea290
-
SHA1
7ed5e8cdf04d92f794b722bf09dbb661b34a052a
-
SHA256
381072d29730eb576f1e70fc66e24836153b0ffb3b221bc7f48249eea94fc0c0
-
SHA512
37f850c2cc33613c08782516bbbf508052274be757ee900c52fa9daae563ad011824271301e9f2e3edcd93cf9f0a447b794a593e9d0fb1ed6c4e858872635ef2
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
2581925242
C2
uleoballs.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6295c4fe148ad.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB