Overview

overview

10

Static

static

Extracted-Hex.dll

windows7-x64

10

Extracted-Hex.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2022 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Extracted-Hex.dll

  • Size

    243KB

  • MD5

    766fb7ca50d63897e7bb3a5c9659e2fd

  • SHA1

    c2139527666683e4371f3ed79beeaae7d98dcca2

  • SHA256

    e5591e357359405cef1b8d22901b5e844c0dc480a7d4b15324f21a2a17723aab

  • SHA512

    9d6dd458d2c3a59a713e31c1feb3cebb1125ed3f9f7e6f33f50a688383bf02af40f6885d6e64b51b596d1585d8fa27f84cf19dec44bd5941b403a492609dcde3

  • SSDEEP

    3072:VgyPm+PU16y0a724xuIKhloD+T2GhQOiEhzCOQJzkQhUzI3d2WhmEN:VZO+K6yhIyMvhG2QyK

Score
10/10
icedid809191839bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

809191839

C2

allozelkot.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Extracted-Hex.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1956-54-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1956-60-0x0000000000120000-0x0000000000126000-memory.dmp
    Filesize

    24KB

    Download