Analysis

  • max time kernel
    122s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-10-2022 07:00

General

  • Target

    indecisions.db.dll

  • Size

    476KB

  • MD5

    481ad12b470dbbf517cd7c0d57853e25

  • SHA1

    724b2ad2e315d0bc0ce77f7127d77e91a22c3460

  • SHA256

    55405ffd41378e8f9cadac13bb5eac0128c332dd8993d3b8e83e1a1f412cb7fb

  • SHA512

    ec243a2fd0a1a44e7701f14a7023a7ecb575e7847614b26895cb72ad6369b93911965bdc85cffe56b2717e1353d078388fce2935cee613706adf3ad8197cdc32

  • SSDEEP

    6144:ehowRmpalgwWrQk2wT7Byq1i6qZksSiOmvQeQEe9O:emwUpalgwbtq7sq1i6qqsSIjeA

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request (3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\indecisions.db.dll,#1
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID: 4964

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4964-132-0x0000017EF0CE0000-0x0000017EF0CE6000-memory.dmp
    Filesize

    24KB

  • memory/4964-133-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB