Analysis

  • max time kernel
    42s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/02/2023, 20:11

General

  • Target

    Document_3243_(Feb10).exe

  • Size

    705.5MB

  • MD5

    104e4f8c105ba8b25e37ac57c278e409

  • SHA1

    ed25172f9290f11c1efdfc94b4893fa04068e7ce

  • SHA256

    49af8e57c45fa8fd5da9854e11c4ae5adae58eca64354be68d274d421b2b4164

  • SHA512

    ef569457243373f5d2e1be0310dee440322a209edcf2a756f770d333bc88a11403393873a7f87df05caf0099074e772011eca84133312cedc5b30b812f886423

  • SSDEEP

    6144:2zoqFM6Bvl/6SreaG9j8Sxu1KNT7bTy9u0sx5cqvuS3tPUj/oht0dznm4ZbGk:NOM6BZKaGV8Sxptysdcof0dzN

Malware Config

Extracted

Family

icedid

Campaign

3227791210

C2

staringgeipod.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Document_3243_(Feb10).exe
    "C:\Users\Admin\AppData\Local\Temp\Document_3243_(Feb10).exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:1628

Network


Downloads

  • memory/1628-54-0x0000000001C90000-0x0000000001C98000-memory.dmp

    Filesize

    32KB