Analysis

  • max time kernel
    72s
  • max time network
    75s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    29-06-2022 18:55

General

  • Target

    p3roms.dll

  • Size

    734KB

  • MD5

    84adaf9bc6b39ac9f588a2546b4cff84

  • SHA1

    b7a1bf50279f3762a269a6725a37aba36dfcafcd

  • SHA256

    06aadc1b1beff569d05afc7e993e97351330e6e8719f5618ccce5760860d0816

  • SHA512

    4b72e74375df26c52ead4f7af1f364a39c1cdd4d4ed95676fa8193d2de00eaba0d79d93e83235e0df6ae17f69351a1517d4adf516429158a1a5cf071726849fa

Malware Config

Extracted

  • Family
    icedid
  • Campaign
    3652318967
  • C2
    yankyhoni.com

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a banking trojan and loader that steals credentials and delivers follow-on payloads.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

  • Blocklisted process makes network request (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\p3roms.dll,#1
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:4320
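
The process tree above shows the loader pattern worth detecting in endpoint telemetry: rundll32.exe loading a DLL from the user's Temp directory by export ordinal (`,#1`), with the same process then making a network request. The scoring logic below is an added example and not part of the sandbox report or of any vendor tooling. The Sysmon-style process-creation events are constructed; the `NetworkConnection` field assumes a network event (Sysmon EID 3) has already been joined to the process by PID, and the list of user-writable directories is an assumption to tune per estate.

```python
"""Flag rundll32 launches matching the IcedID loader pattern:
a DLL in a user-writable directory, invoked by export ordinal,
and the resulting process making an outbound connection."""
import re
from dataclasses import dataclass, field

# Matches "rundll32[.exe] <dll>,<entry>"; the image may be quoted/full-path,
# the DLL path may be quoted, the entry is an ordinal (#N) or a name.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[A-Za-z]:\\[^"]*?\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<qpath>[^"]+)"|(?P<path>[^,"\s][^,"]*?))'
    r'\s*,\s*(?P<entry>#\d+|[A-Za-z_][\w@]*)',
    re.IGNORECASE,
)

# Assumption: directories an unprivileged user can write to; extend per estate.
USER_WRITABLE_RE = re.compile(
    r'\\(?:AppData\\(?:Local|Roaming)|Users\\Public|ProgramData|Downloads)\\',
    re.IGNORECASE,
)

# Constructed events modelled on Sysmon Event ID 1 fields (not the sandbox log).
# Event 1 mirrors the process tree in the report; the rest are benign controls.
SAMPLE_EVENTS = [
    {"ProcessId": 4320, "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\p3roms.dll,#1",
     "NetworkConnection": True},
    {"ProcessId": 5112, "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL hotplug.dll",
     "NetworkConnection": False},
    {"ProcessId": 6001, "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r'"C:\Windows\System32\rundll32.exe" "C:\Users\Admin\Downloads\invoice.dll",DllRegisterServer',
     "NetworkConnection": False},
    {"ProcessId": 7340, "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\explorer.exe", "NetworkConnection": True},
]


@dataclass
class Finding:
    pid: int
    dll: str
    entry: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_rundll32(cmdline: str):
    """Return (dll_path, entry) for a rundll32 launch, else None."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return (m.group("qpath") or m.group("path")).strip(), m.group("entry")


def evaluate(event: dict):
    """Score one process-creation event; a Finding needs at least two signals."""
    parsed = parse_rundll32(event.get("CommandLine", ""))
    if parsed is None:
        return None
    dll, entry = parsed
    finding = Finding(pid=event["ProcessId"], dll=dll, entry=entry)
    if entry.startswith("#"):
        finding.reasons.append("export invoked by ordinal")
    if USER_WRITABLE_RE.search(dll):
        finding.reasons.append("DLL loaded from user-writable path")
    if event.get("NetworkConnection"):  # assumed pre-joined EID 3 on PID
        finding.reasons.append("process made outbound connection")
    return finding if finding.score >= 2 else None


def triage(events):
    """Run evaluate() over a batch and keep only the findings."""
    return [f for f in (evaluate(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"PID {f.pid}: {f.dll} {f.entry} -> {', '.join(f.reasons)}")
```

The two-signal threshold keeps the shell32 control-panel launch and a named-export DLL in Downloads below the alert line, while the report's Temp-path ordinal launch with follow-on traffic scores on all three signals; loosen it to a single signal when hunting rather than alerting.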

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4320-114-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB