Analysis

  • max time kernel
    91s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-06-2022 19:13

General

  • Target

    r7kom.dll

  • Size

    450KB

  • MD5

    3be46ad85ecaf1586a685b12a41bd488

  • SHA1

    0ed3ea1b5a3327bdb8371a084ba2b0d21c34c4e5

  • SHA256

    cb7c0d26b206c26f48a3c38a03e184fd9c0aee83f47047c67daff5c754bdf928

  • SHA512

    12ebf549ce7790b121c71e138878b5f6b4f9b53c3c9c460e40fdf493a96c00987b1252d2f011c4e38b984f7a2cfccce1046e0c5f6b8b04855d86aa1de890fe74

Malware Config

Extracted

Family

icedid

Campaign

3568430872

C2

alionavon.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\r7kom.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2200-130-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB