Analysis
-
max time kernel
41s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
11-07-2022 18:15
General
-
Target
5ecbff4e5c7f9a21e9dcef7752ca4250.dll
-
Size
815KB
-
MD5
5ecbff4e5c7f9a21e9dcef7752ca4250
-
SHA1
d25be788a4604ce96e698406e9b3b58ad15146db
-
SHA256
3dc661144d51f66bc5a1e2fbdba241374ed8cd6b4ff9abde9dbee1a587b47704
-
SHA512
916f6622496afbc4a1c974d414a706a1099c31e0e096ba306288d277134bee1e69d50d13346f06c1e991fc9f3d563796acb980886f943c4fba4c884a62026333
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
4105767744
C2
frodupshopping.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5ecbff4e5c7f9a21e9dcef7752ca4250.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB