Analysis
-
max time kernel
615s -
max time network
1217s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
23-06-2022 13:01
General
-
Target
1111.dll
-
Size
858KB
-
MD5
f0b052dad1a3605cd3e6d044cd315388
-
SHA1
fe3d8f50b494f400bd47842d580343f38be6a04b
-
SHA256
4798655c9e1df924b92d224c53dce0e3e9028318a5fa6ee4e6bd9f0f32154cdd
-
SHA512
c8ee79ae9739c1486f0a89039b69afa6057d34bf39d2be58187d265662066c052776627fa58aa519e98c072704437fc3eaa190923e351414ef9a149509ff716b
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3289900935
C2
ilzenhwery.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1111.dll,#11⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32 1111.dll,RunObject3⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4156-166-0x0000000000000000-mapping.dmp
-
memory/4648-119-0x000002A670670000-0x000002A670692000-memory.dmpFilesize
136KB
-
memory/4648-140-0x000002A672C10000-0x000002A672C4C000-memory.dmpFilesize
240KB
-
memory/4648-151-0x000002A672CD0000-0x000002A672D46000-memory.dmpFilesize
472KB
-
memory/4800-169-0x0000000000000000-mapping.dmp
-
memory/4800-170-0x0000000180000000-0x0000000180009000-memory.dmpFilesize
36KB