Analysis
-
max time kernel
43s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
28-06-2022 19:42
General
-
Target
ta578_zippediso/r7kom.dll
-
Size
451KB
-
MD5
0a9f8e76f2a48094e7a96de6069766f8
-
SHA1
ddde4068dedc775c34e7399f75835e9aa67828d0
-
SHA256
557084e424ed21e67a70cca4aeb93a7137b651fa3927fc45c9cbdd7706239ae3
-
SHA512
d86122e7ba21e5f5dd71caa723f743181202b89362ba97e0e52d85e31b686afc506c1e72559f30d4ac6c293c9ae8693d188f4f7be143c8e5b9fb6324c3824f12
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3568430872
C2
alionavon.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ta578_zippediso\r7kom.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1376-54-0x0000000180000000-0x0000000180009000-memory.dmpFilesize
36KB