icedid | 40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
05-07-2022 21:52

Sharing

Report Analysis Logs

General

Target

40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57.dll
Size

13KB
MD5

06294a0afbe0d4053515971fd09ae62b
SHA1

b59cdfac0d7f2195916b7a075b10e3277ba944bf
SHA256

40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57
SHA512

74ef0ee9abb8bc0998234aaf50bbbb92c7177357cba921ce23bdc67d84c4ecff60c3d5de56368ef6369f7cb9d8c03e2ec821aea81935870d7193e3851a8916a5

Score

10^/10

icedid 1060798742 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1092 regsvr32.exe
1092 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\40f8e21ced35ee9ef36c81828cb464476e474c585c3da812cbf5569e43062f57.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-54-0x000007FEFBF51000-0x000007FEFBF53000-memory.dmp

Filesize
8KB

Download