Analysis
-
max time kernel
46s -
max time network
145s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
07-07-2022 17:20
General
-
Target
d8fc52aea2828c5195d9643509138b1607fee84d9dd6297770e9d19f3b7d20a4.dll
-
Size
534KB
-
MD5
cf2923ac651d5ec8f8bd48733b5eee6d
-
SHA1
e6003df35cb912f233526162413b672adafb5423
-
SHA256
d8fc52aea2828c5195d9643509138b1607fee84d9dd6297770e9d19f3b7d20a4
-
SHA512
e8124d12a4aeb3925d0014082e1bd213c43f4a500abb0ada00435265670fb26ba61024261c57662b3d406741d7c5fd0807fc31959e55489ed027b8859d438ba4
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
227378761
C2
blionarywesta.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8fc52aea2828c5195d9643509138b1607fee84d9dd6297770e9d19f3b7d20a4.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1816-117-0x0000000180000000-0x0000000180009000-memory.dmpFilesize
36KB