Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    09/07/2022, 03:23

General

  • Target

    929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff.dll

  • Size

    534KB

  • MD5

    d05b1e033590181e8101e326c01570fc

  • SHA1

    e991f6840ad43f2deb06a4c04e4412f34a5c5eab

  • SHA256

    929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff

  • SHA512

    63c27e2d3209816cd3b3e117ae6ffffa8b5fb199d1d59bb7c824d16aa6981ccdfc5415b4484fd0fd83a4bfc2b47dac2604f073462b4c055adcf7b1a013b5d775

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\929b88d46394f84149e7f5c59d254a0b10d88384708c95e40260c38c61051cff.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:3724

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3724-130-0x0000000180000000-0x0000000180009000-memory.dmp

          Filesize

          36KB