icedid | 800e53e7acb97419f42d8c82e9c34a2810ebbbe98058f580719ab83e70be435c

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2023 09:24

Target

problem_2.dll
Size

178KB
MD5

0defacf9edf30d2f5abe16fef26d92ac
SHA1

1d0e229fe28c42cf25f4f688bad9925864a08193
SHA256

800e53e7acb97419f42d8c82e9c34a2810ebbbe98058f580719ab83e70be435c
SHA512

5f98b4fa840da710af2581fc91999596cfe10d0fc3eb25922cd5d13669abeb070169e95fe9690010d085da34f09fe0c873266b948eab3d1dada3a47571b61e6a
SSDEEP

3072:dRNOtBIEa2A/k3xTCD4xugYOpddiT+t1xLyRlu94OApLnjWEV2rdSu:rNQIEaH/W80xugYOpHiT+t10Rlu943kd

Score

10^/10

Family

icedid

qapoloki.cyou

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 2 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/432-133-0x0000000075510000-0x0000000075516000-memory.dmp	IcedidFirstLoader
behavioral2/memory/432-134-0x0000000075510000-0x0000000075548000-memory.dmp	IcedidFirstLoader

Blocklisted process makes network request 13 IoCs

Processes:

rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3092 wrote to memory of 432	3092	rundll32.exe	rundll32.exe
PID 3092 wrote to memory of 432	3092	rundll32.exe	rundll32.exe
PID 3092 wrote to memory of 432	3092	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\problem_2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\problem_2.dll,#1
2⤵
- Blocklisted process makes network request
PID:432

memory/432-132-0x0000000000000000-mapping.dmp

Download
memory/432-133-0x0000000075510000-0x0000000075516000-memory.dmp

Filesize
24KB

Download
memory/432-134-0x0000000075510000-0x0000000075548000-memory.dmp

Filesize
224KB

Download