Overview

overview

10

Static

static

6849p005.dll

windows7-x64

10

6849p005.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-11-2022 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6849p005.dll

  • Size

    91KB

  • MD5

    e93adbd7ef31f56b0debb57d3f5c0d6a

  • SHA1

    5e116882001fcbe343d409d742d08151c18ed433

  • SHA256

    01a0c5704317c28d31607db9a2b484faa214dd3b0781fa201ba27d3d7dbb9b60

  • SHA512

    d0dca9e8bcc6109aeef9ca3a3dce4372c773c6d5cad15f8d05e4f5527e635abb685000b64e38fd8207904a457d2d542692b94123bcbd2d698d266f66fc70a28a

  • SSDEEP

    1536:Skmo3Uy3PEXX01u4APFIzO55RGh8WKAYNvWEAueFPCV70W0GIQqcch9ypqlh/vYL:P3UyfEXXTKqMh8sYNvWEAnQ90Sqccjyx

Score
10/10
icedid1292139634bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1292139634

C2

oiurkastarting.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6849p005.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4932-132-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download
  • memory/4932-138-0x000002A3F0980000-0x000002A3F0986000-memory.dmp
    Filesize

    24KB

    Download