Overview

overview

10

Static

static

pss10r.chm

windows10-2004-x64

1

run.cmd

windows10-2004-x64

8

ver123.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    265s
  • max time network
    268s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-11-2022 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ver123.dll

  • Size

    96KB

  • MD5

    90bd30300647132d3cee650a69dbdc2f

  • SHA1

    fbb11e4c2623897d6a9e1ffa62d46bf7f5e85e3d

  • SHA256

    927a5893349cc3bdb8a4216d9dc42f0e3eb2f2451d0cf20572f0bba0a7a2c3b8

  • SHA512

    d3acf3b1ec37642af4bcaa952ba267a3ccf1777395f84f8beca6402a4ffaa617ed3d55af4f4c654c6b096f95df3f497aa36e40ac158262a9e1f90e6607655b54

  • SSDEEP

    1536:H/Uo2DoDZjinBQFp5iVp+O22D9YUSh9T9S6PDJUTfhIr083GY2:H/NhP5mpk2a7XsytW6083D2

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ver123.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4464-132-0x0000020F7D950000-0x0000020F7D956000-memory.dmp
    Filesize

    24KB

    Download
  • memory/4464-133-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download