Resubmissions

08/03/2023, 00:19

230308-amkxjsce2s 10

05/03/2023, 07:48

230305-jnk4daga67 10

Analysis

  • max time kernel
    599s
  • max time network
    590s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/03/2023, 00:19

General

  • Target

    Contract_02_28_Scan#281.exe

  • Size

    286KB

  • MD5

    958bcd0ad0e363b5654c44eeb7e675fe

  • SHA1

    ad524dcb31eda568b276f2af80cb3996f5c35be3

  • SHA256

    cf3ccda4faf8ee78a9d65cd7ac61283a170ef4b4f18054362c4cd2d6d3a52be8

  • SHA512

    26add44228437a8b2bbdaffc5b72b23dfb9e6a38dd026ce6afa6d4f6c14bb86dff83d787b1e36baf05e5b4c28c1e74a39770c15bc89a371d4caa21b9e95100de

  • SSDEEP

    6144:bVVhBoNGz8Rf7NPTY5e3wogq3tWQKLcH1AAdUj8J96j7wWFR3rERjGeoiea8l3fe:3hBoNGz8Rf7NPTY5e3wogq3tWQKLcH1z

Malware Config

Extracted

Family

icedid

Campaign

3277407947

C2

hrowerknifi.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Contract_02_28_Scan#281.exe
    "C:\Users\Admin\AppData\Local\Temp\Contract_02_28_Scan#281.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:1052

Network

Downloads

  • memory/1052-133-0x0000000140000000-0x0000000140008000-memory.dmp

    Filesize

    32KB

  • memory/1052-140-0x0000000002360000-0x0000000002361000-memory.dmp

    Filesize

    4KB