Analysis

  • max time kernel
    146s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03-10-2022 07:26

General

  • Target

    0973f6f6a3150d115f63c023a5208cfb.exe

  • Size

    13KB

  • MD5

    0973f6f6a3150d115f63c023a5208cfb

  • SHA1

    4c5b9ce6d6c3e11f6c11b12fc1465319facc8ea7

  • SHA256

    b3063a902d1acc5bdafb98a7976974ea2430b8d62d8aeb414cc3f2fab190dafa

  • SHA512

    9a7adb738ce42550f85de06578000603cf0e8d8f2b7556ff45c2db22d2b7b8fff79f12c5a3200e11bd6ca9ae01ee263fcc18d370b3d1dd12b1125496f25bdee7

  • SSDEEP

    192:eC+YPv6UOyDqZ1KcMzqTHG+3F+j7rT9z7VYe/7Vd/5A27E0mgGn:eev6UbqZ1K7zX+3q7PEe/7Vd227E0lM

Malware Config

Extracted

Family

icedid

Campaign

1776411935

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses ⋅ 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0973f6f6a3150d115f63c023a5208cfb.exe
    "C:\Users\Admin\AppData\Local\Temp\0973f6f6a3150d115f63c023a5208cfb.exe"
    Suspicious behavior: EnumeratesProcesses
    PID:1676

Network

MITRE ATT&CK Matrix

    Collection · Command and Control · Credential Access · Defense Evasion · Discovery · Execution · Exfiltration · Impact · Initial Access · Lateral Movement · Persistence · Privilege Escalation