Overview

overview

10

Static

static

Setup_Win_...44.exe

windows7-x64

10

Setup_Win_...44.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    126s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    19-01-2023 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_Win_19-01-2023_17-07-44.exe

  • Size

    700.2MB

  • MD5

    0c66537c72dad87c0b85b9cdc2c06387

  • SHA1

    95e936a3e7869e6a76fa50878aef84b1d29a6733

  • SHA256

    f510006986e83d3fa51c7332d1971d616d07161d69b6669421d9529c763133a3

  • SHA512

    d60004c5299a4243bb0835cc77766d4cae97e72437972e1432c64eca32b78ec48d6609b65d84a7c2cf27f233eba78d53689aafe5829749f4110c9f3966b3aba8

  • SSDEEP

    3072:EYL6Tcr2SC+TneerVqkzGTx1HNWg++JW6pC5piSX7+iD08RbSh0ZZfSE4S:EYL6TE2S9TeeEkzk5NNHCrSsRL9R

Score
10/10
icedid1420576768bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1420576768

C2

plutoheadingo.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_Win_19-01-2023_17-07-44.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_Win_19-01-2023_17-07-44.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2024-54-0x0000000140000000-0x0000000140008000-memory.dmp
    Filesize

    32KB

    Download