Triage | Behavioral Report

Analysis

max time kernel
126s
max time network
129s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 07:00

Sharing

Report Files Registry Network Processes Mutex Misc

General

Target

indecisions.db.dll
Size

476KB
MD5

481ad12b470dbbf517cd7c0d57853e25
SHA1

724b2ad2e315d0bc0ce77f7127d77e91a22c3460
SHA256

55405ffd41378e8f9cadac13bb5eac0128c332dd8993d3b8e83e1a1f412cb7fb
SHA512

ec243a2fd0a1a44e7701f14a7023a7ecb575e7847614b26895cb72ad6369b93911965bdc85cffe56b2717e1353d078388fce2935cee613706adf3ad8197cdc32
SSDEEP

6144:ehowRmpalgwWrQk2wT7Byq1i6qZksSiOmvQeQEe9O:emwUpalgwbtq7sq1i6qqsSIjeA

Score

10^/10

icedid 3228182693 banker loader trojan

Malware Config

Extracted

Family	icedid
Campaign	3228182693
C2	tezycronam.com tezycronam.com

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Blocklisted process makes network request ⋅ 3 IoCs

Processes:

rundll32.exe

flow pid process

2 864 rundll32.exe
4 864 rundll32.exe
5 864 rundll32.exe
Suspicious behavior: EnumeratesProcesses ⋅ 2 IoCs

Processes:

rundll32.exe

pid process

864 rundll32.exe
864 rundll32.exe

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\indecisions.db.dll,#1

Blocklisted process makes network request
Suspicious behavior: EnumeratesProcesses

PID:864

Network

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

memory/864-54-0x0000000180000000-0x0000000180009000-memory.dmp

Download
memory/864-60-0x0000000000290000-0x0000000000296000-memory.dmp

Download