Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
07-07-2022 17:34
General
-
Target
9TAzSK5f.dll
-
Size
536KB
-
MD5
0804193317e5caa22a799ef101dd8c3a
-
SHA1
2f9286c5833ffbb9233e77512372f31b499d7d45
-
SHA256
90e06ab57da0fdd785bca9eb0b2fa05027fe6e3498865e24c07f0366c92150e2
-
SHA512
70917660d06cde3da25f7751b9aed0133e47165faa432f3a23f18e47ce8ba87c7ba9f576f64f669eb1bc3d1819a4bf2e4429e92667e5d6fef21a9d3f916208f0
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
227378761
C2
blionarywesta.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9TAzSK5f.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB