Analysis
-
max time kernel
51s -
max time network
146s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
07-07-2022 17:17
General
-
Target
4ed58427c7e923557f6568bdd4fbd4335397879e858d11f814f94ef431df5413.dll
-
Size
536KB
-
MD5
347df7d0cc0e46b7d9e456620da7a439
-
SHA1
f709e49aef0449a8437ab6f6d0f8458f7de1fd64
-
SHA256
4ed58427c7e923557f6568bdd4fbd4335397879e858d11f814f94ef431df5413
-
SHA512
4d521661c0992dab67ced8446b1c232da6afda2f3687bded8b491160eef9549746c310225ae016b5a1185f1c398a17cff8ab8c843abcd704af4c1d2d9a8754a6
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
227378761
C2
blionarywesta.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4ed58427c7e923557f6568bdd4fbd4335397879e858d11f814f94ef431df5413.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB