Overview

overview

10

Static

static

s4pesa/documents.lnk

windows7_x64

10

s4pesa/documents.lnk

windows10-2004_x64

10

s4pesa/s4pesa.dll

windows7_x64

10

s4pesa/s4pesa.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    29-06-2022 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    s4pesa/s4pesa.dll

  • Size

    731KB

  • MD5

    4259380320bcfe7d3065f0e82257e36c

  • SHA1

    39e0b78813cb2b7f337338375469efad9ba2a79e

  • SHA256

    8522e424d1742369c5e2700d194ad5d53d91b4864c3fddd74ac630b4249c1a87

  • SHA512

    9137960f54302c4dfdd6bab68b977ca4649461c209d583a0c2e284d8b056cfc316d447570a3c8c1d6422a8d93c0bea217210e4f81cc3fb518148b70f750b3195

Score
10/10
icedid3652318967bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\s4pesa\s4pesa.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/532-54-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download