Overview

overview

10

Static

static

s4pesa.dll

windows7_x64

10

s4pesa.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    90s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    30-06-2022 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    s4pesa.dll

  • Size

    734KB

  • MD5

    aba62452db477f8e6a5503fb5498df1b

  • SHA1

    930d331cb05ef1cdeed525426f2ebd3b1f6adebf

  • SHA256

    8576e05949fb3682e93b4f9b899bf4724656c4758c6b8d90877326f5f4798dfe

  • SHA512

    af8d83795866f6f0b5ef7344704bab6a4c55933c3c048d4d67bb2a9437a25ea7216224e4659a0b55e774ca858468c598067ddea66270437a986af62bfad0887d

Score
10/10
icedid3652318967bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\s4pesa.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:4576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4576-130-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download