Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    05-07-2022 21:52

General

  • Target

    40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57.dll

  • Size

    13KB

  • MD5

    06294a0afbe0d4053515971fd09ae62b

  • SHA1

    b59cdfac0d7f2195916b7a075b10e3277ba944bf

  • SHA256

    40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57

  • SHA512

    74ef0ee9abb8bc0998234aaf50bbbb92c7177357cba921ce23bdc67d84c4ecff60c3d5de56368ef6369f7cb9d8c03e2ec821aea81935870d7193e3851a8916a5

Malware Config

Extracted

Family

icedid

Campaign

1060798742

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1092-54-0x000007FEFBF51000-0x000007FEFBF53000-memory.dmp

    Filesize

    8KB