Overview

overview

10

Static

static

Invoice-09...re.bat

windows10-2004-x64

1

Invoice-09...ng.dll

windows10-2004-x64

10

Invoice-09...ts.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    241s
  • max time network
    244s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2022 15:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Invoice-09-27-document-352_ISO/bad/unpromising.dll

  • Size

    476KB

  • MD5

    77c5c18a9a131755198f532b2cea339f

  • SHA1

    05720f2649c1fe5b6b5f7a7675159c227a13d482

  • SHA256

    02347fb46156e8f43f223791ee37944c1cfc3ed729a97316ec2922308b577a57

  • SHA512

    2b24edf809a421ca2ffe7e6063ab10b7c47ee7a8c4be9fd23221f60db5b64f4ab2e9dc789be12aef3f1cec5d77cbfe7dc34d5e3222a16ce29b4c53eba14f2561

  • SSDEEP

    6144:PaOfpYZEFRrz9QeQAi2q7pDTyq1i6qQUevvtl1r5EYQ:BpWyRNiJ7pnyq1i6qzevxr5EYQ

Score
10/10
icedid973312338bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

973312338

C2

tezycronam.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Blocklisted process makes network request 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Invoice-09-27-document-352_ISO\bad\unpromising.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:4656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4656-132-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download
  • memory/4656-138-0x000002009B8A0000-0x000002009B8A6000-memory.dmp
    Filesize

    24KB

    Download