Overview

overview

10

Static

static

document-85285.iso

windows7-x64

3

document-85285.iso

windows10-2004-x64

3

documents-7847.lnk

windows7-x64

8

documents-7847.lnk

windows10-2004-x64

8

habitablen...ts.png

windows7-x64

3

habitablen...ts.png

windows10-2004-x64

3

templates642.dll

windows7-x64

10

templates642.dll

windows10-2004-x64

10

yurts.cmd

windows7-x64

8

yurts.cmd

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-10-2022 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    templates642.dll

  • Size

    209KB

  • MD5

    b7ac80cc2a2e7a6600a24b11447d3d04

  • SHA1

    62546db755551b4f908de86d8f76f827b984739b

  • SHA256

    52ecf29aed6b1f9b5143d744200ea2ead8852333cf22923a3d4bb8c621b28f82

  • SHA512

    c2061cc667d21b6a530c99e27e73c7b700cedc90266decc50faeb1fa9970da8bdfc295446cec29914bd016493b2c3e35c85c5823c838aafc768b0d58161a1a8f

  • SSDEEP

    3072:xbuthvfN+sgUYHivhjZB6307kpwKIt6f063CdnTaC/a1m:xbuttfN+rqukASc1ydn8m

Score
10/10
icedid106570377bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

106570377

C2

seedhlumening.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\templates642.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/744-132-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download

  • memory/744-138-0x0000017A561F0000-0x0000017A561F6000-memory.dmp

    Filesize

    24KB

    Download