Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-01-2023 09:23

General

  • Target

    prob_3.dll

  • Size

    185KB

  • MD5

    87dc37e0edb39c077c4d4d8f1451402c

  • SHA1

    4a45780d3872ae1462a85e5f711f753260f8d7df

  • SHA256

    b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457

  • SHA512

    0c315c056ac2aec977cc80c7c53cf3a118ee86ced8203437eddff6a8e653256153e8469055b7efd40796c1e1695e346b6ca65d90d70fee248e4dd8166909389e

  • SSDEEP

    3072:uXpAQlUasEbieV/gltztsCvq2mv0u+EKX9E0JfHIQL:uXtUPvtsyqfCJJH7

Malware Config

Extracted

Family

icedid

Botnet

2634746917

C2

june85.cyou

golddisco.top

Attributes
  • auth_var

    4

  • url_path

    /audio/

Extracted

Family

icedid
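The extracted configuration above (two C2 domains, the url_path the loader beacons to, the botnet ID) and the hashes in the General section are the IOCs a responder actually consumes. The following is an added example, not part of the sandbox report: it turns those values into a proxy-log sweep (host match, host + url_path match) and a hash check for the sample. The log lines are constructed; the config values and hashes are the report's own.

```python
"""IOC checks built from the extracted IcedID configuration and the sample hashes
listed in this report.

Added example, not part of the sandbox output. The C2 hosts, url_path, botnet ID
and hashes are the report's values; the proxy log lines are constructed.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Values taken from the report's "Malware Config" and "General" sections.
C2_HOSTS = {"june85.cyou", "golddisco.top"}
URL_PATH = "/audio/"
BOTNET_ID = "2634746917"
SAMPLE_HASHES = {
    "md5": "87dc37e0edb39c077c4d4d8f1451402c",
    "sha1": "4a45780d3872ae1462a85e5f711f753260f8d7df",
    "sha256": "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457",
    "sha512": "0c315c056ac2aec977cc80c7c53cf3a118ee86ced8203437eddff6a8e653256153e8469055b7efd40796c1e1695e346b6ca65d90d70fee248e4dd8166909389e",
}

# Constructed proxy log (not from the report): "<ts> <src> <method> <url> <status>".
PROXY_LOG = """\
2023-01-25T09:24:01Z 10.0.0.15 GET http://june85.cyou/audio/?x=1 200
2023-01-25T09:24:02Z 10.0.0.15 GET https://cdn.example.com/audio/track.mp3 200
2023-01-25T09:24:05Z 10.0.0.22 POST https://golddisco.top/audio/ 404
2023-01-25T09:24:09Z 10.0.0.22 GET http://golddisco.top/static/a.js 200
2023-01-25T09:24:11Z 10.0.0.31 GET http://JUNE85.CYOU./audio/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    host: str
    path: str
    reason: str
    botnet: str  # botnet ID from the config, so the alert carries the campaign tag


def normalize_host(host: str) -> str:
    """Lower-case and strip a trailing FQDN dot so 'JUNE85.CYOU.' still matches."""
    return host.lower().rstrip(".")


def classify_url(url: str) -> Optional[str]:
    """Return why a URL matches the config, or None if it does not.

    Host + url_path is the beacon shape the config describes; the host alone is
    still raised, since the domains themselves are the IOC.
    """
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    if host not in C2_HOSTS:
        return None
    if parts.path.startswith(URL_PATH):
        return "c2 host + url_path"
    return "c2 host"


def match_log(log: str) -> List[Hit]:
    """Scan proxy log lines and return every line that touches the C2 config."""
    hits: List[Hit] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        reason = classify_url(m["url"])
        if reason is None:
            continue
        parts = urlsplit(m["url"])
        hits.append(Hit(m["ts"], m["src"], normalize_host(parts.hostname or ""),
                        parts.path, reason, BOTNET_ID))
    return hits


def check_sample_hashes(data: bytes) -> Dict[str, bool]:
    """Compare a file's digests against every hash the report lists for prob_3.dll."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def is_known_sample(data: bytes) -> bool:
    """True only if all four digests agree with the report; one would do for
    triage, but the full set catches a mistyped hash in the IOC table."""
    return all(check_sample_hashes(data).values())


if __name__ == "__main__":
    for hit in match_log(PROXY_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.host}{hit.path}  [{hit.reason}] botnet={hit.botnet}")
    print("hash match on constructed bytes:", is_known_sample(b"not the sample"))
```

Host matching is done on the parsed hostname rather than with a substring search on the raw URL, so a domain embedded in a query string or a look-alike such as `notjune85.cyou` does not fire; the trailing-dot and case handling covers the usual log-normalisation gaps.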

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\prob_3.dll,#1
    PID:4280
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\prob_3.dll,#1
      PID:3668
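The process tree above is the whole execution story: the 64-bit rundll32.exe is handed a DLL from the user's Temp directory and called by export ordinal (`,#1`), and it spawns the SysWOW64 rundll32.exe on the same DLL, which is what Windows does when the DLL turns out to be 32-bit (consistent with the `arch:x86` tag and the 32-bit address range dumped for PID 3668). The following detection logic is an added example, not sandbox output: the process records are constructed to mirror the tree shown (plus one benign control row), and the three flags are the ones that tree supports. The WriteProcessMemory signature the report attaches to PID 4280 is not modelled, since the tree gives no detail about it.

```python
"""Detection over the rundll32 chain shown in this report.

Added example, not sandbox output. Process records are constructed to mirror the
report's tree plus one benign control. Flags raised: DLL loaded from the user's
Temp directory, export called by ordinal (",#1"), and a 64-bit rundll32
re-launching the SysWOW64 rundll32 on the same DLL (Windows' own behaviour when
the DLL is 32-bit).
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    pid: int
    dll: str
    reasons: Tuple[str, ...]


# Constructed from the report's process list; the third row is a benign control.
PROCESSES = [
    Proc(4280, None, r"C:\Windows\system32\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\prob_3.dll,#1"),
    Proc(3668, 4280, r"C:\Windows\SysWOW64\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\prob_3.dll,#1"),
    Proc(5100, 900, r"C:\Windows\system32\rundll32.exe",
         r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"),
]

# "rundll32.exe <dll>,<entry>" with an optionally quoted executable and DLL path.
RUNDLL_RE = re.compile(
    r'^\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+"?(?P<dll>[^",]+?)"?,(?P<entry>\S+)',
    re.IGNORECASE,
)


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Split a rundll32 command line into (dll path, entry point), or None."""
    m = RUNDLL_RE.match(cmdline)
    return (m["dll"], m["entry"]) if m else None


def dll_in_user_temp(dll: str) -> bool:
    # ntpath.normcase lower-cases and normalises slashes on any host platform.
    return "\\appdata\\local\\temp\\" in ntpath.normcase(dll)


def ordinal_entry(entry: str) -> bool:
    """rundll32 accepts '#<n>' to call an export by ordinal instead of by name."""
    return entry.startswith("#") and entry[1:].isdigit()


def is_rundll32(image: str, system_dir: str) -> bool:
    img = ntpath.normcase(image)
    return img.endswith("\\rundll32.exe") and f"\\{system_dir}\\" in img


def analyze(procs: List[Proc]) -> List[Finding]:
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    findings: List[Finding] = []
    for p in procs:
        parsed = parse_rundll32(p.cmdline)
        if parsed is None:
            continue
        dll, entry = parsed
        reasons: List[str] = []
        if dll_in_user_temp(dll):
            reasons.append("dll_in_user_temp")
        if ordinal_entry(entry):
            reasons.append("ordinal_export")
        # Parent is the 64-bit rundll32, child is the SysWOW64 one, same DLL:
        # the re-launch Windows performs for a 32-bit DLL, as in PID 4280 -> 3668.
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if (parent is not None
                and is_rundll32(parent.image, "system32")
                and is_rundll32(p.image, "syswow64")):
            parent_parsed = parse_rundll32(parent.cmdline)
            if parent_parsed and ntpath.normcase(parent_parsed[0]) == ntpath.normcase(dll):
                reasons.append("wow64_relaunch_same_dll")
        if reasons:
            findings.append(Finding(p.pid, dll, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze(PROCESSES):
        print(f"pid {f.pid}: {f.dll} -> {', '.join(f.reasons)}")
```

The benign control row (shell32.dll by name, from system32) produces no finding, which is the point of flagging on the combination rather than on rundll32 alone; a DLL under AppData\Local\Temp invoked by ordinal is the rare shape worth an analyst's time.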

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3668-132-0x0000000000000000-mapping.dmp
  • memory/3668-133-0x0000000074900000-0x0000000074906000-memory.dmp
    Filesize: 24KB
  • memory/3668-134-0x0000000074900000-0x000000007493E000-memory.dmp
    Filesize: 248KB