Overview

overview

10

Static

static

984374.dll

windows7_x64

10

984374.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    28-06-2022 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    984374.dll

  • Size

    450KB

  • MD5

    5c5225ab892d1d04f1a5a5b49f0ae7ea

  • SHA1

    300ab922b3cee202c5f5ecba347605c9ce3dac57

  • SHA256

    e0f3f6bf4f8dbd247caa8d8b8961e0b7c48d277f2b16b4a65e05a2ee9464cb55

  • SHA512

    9c97b900bb78a5e37d515e8640ab92b73211beabff9aa0f078fb1bd7e0fc189e3c20d808a1bf581e918f1fb559dea36b101b70f52c0f40229a86d4fff6db8d0a

Score
10/10
icedid1858953668bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1858953668

C2

qrenasursa.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\984374.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1948-54-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download