icedid | 94e8bd8ae6eb93e98766ebf23949b05b85de3c7680f7a267c5f02c75e932ca6f

Analysis

max time kernel
560s
max time network
404s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 18:06

Target

TYnvUcnF.dll
Size

452KB
MD5

be51a22cc677228d574e7d7603565d12
SHA1

213d0341cae78a368b124889ac965e40a938278e
SHA256

ae98813034867301438cbc9326d707a0a1169a21b5a66e22447079325ea58b97
SHA512

072da1814e145a3d82ef9886c25dd0f82b5c519477434a58180ae5c861e052c613455f7a167ffe94aceb1b08a4e5820490aafb237e1fb819de0fc0e8e6a9bea2
SSDEEP

6144:IcwOnhu0n/yvHtFxTv80J0TET7FWQ+ItFMu5P1rh/I9I1ezFxsbxBFtfCnYL635z:IkyfS0Gn21epxsvqYL85oS

Score

10^/10

Family

icedid

Campaign

775636601

aviadronazhed.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1708	rundll32.exe
1708	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TYnvUcnF.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1708

memory/1708-54-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download
memory/1708-60-0x00000000001A0000-0x00000000001A6000-memory.dmp

Filesize
24KB

Download