Analysis

  • max time kernel
    139s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2022 15:51

General

  • Target

    866364f529dbcaf4c23c814d9400d441.dll

  • Size

    672KB

  • MD5

    866364f529dbcaf4c23c814d9400d441

  • SHA1

    61beed8fbbabe4860beb020310de10d54aeaedc6

  • SHA256

    acdd6bc482cd6d0c6f4cd96633017f0914693858123b8cb01d5fceff9abf85f1

  • SHA512

    56e2e62767cd5c109399e79b65e57931d07ee0420b4b01f9c1d31e0ea3e312f0dd68392f0ad21daf1cfb90636d2e66194c3b3a67f8cda46438ffc223af26eb45

  • SSDEEP

    12288:ik6bSzrCEhwrC8yIJrlwgOW9xwMGwy0w7w4wJ+wwwZwb8bewf+HwddBlvm:ik6mPXR0gI7m

Malware Config

Extracted

Family

icedid

Campaign

2399258081

C2

eysneolissionsm.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\866364f529dbcaf4c23c814d9400d441.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-54-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

  • memory/1724-60-0x0000000000100000-0x0000000000106000-memory.dmp
    Filesize

    24KB