icedid | ee758459375c285ead4df29b1d2de2c514426bbde79cb2d0b563258324060767

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 19:57

Target

Contract_March_23_INV#398.exe
Size

387KB
MD5

7341d040f097c8eb909f603edda9699b
SHA1

d3b5147d611b2c0e8d137dda2d54ae466803f822
SHA256

ee758459375c285ead4df29b1d2de2c514426bbde79cb2d0b563258324060767
SHA512

8baf61aed27ebc8f35334b18eb91c01dcabafca5ac0fb17e41aaeac19afb03528f468cdb76fdcdfacab5df52d3b675df2eb3b4d016bbf0b382314fb7a89a5f62
SSDEEP

6144:C/e3ejdNii66Gg5rYQqQgLafzES2IFEY9yH0Njxp98gD/xDK9az6xJNDpDShxUQE:seo3iidjrYEgLUE+JBxPNmJND0o1

Score

10^/10

Family

icedid

Campaign

73743838

aoureskindzet.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Contract_March_23_INV#398.exe

pid process

5056 Contract_March_23_INV#398.exe
5056 Contract_March_23_INV#398.exe

pid	process
5056	Contract_March_23_INV#398.exe
5056	Contract_March_23_INV#398.exe

C:\Users\Admin\AppData\Local\Temp\Contract_March_23_INV#398.exe
"C:\Users\Admin\AppData\Local\Temp\Contract_March_23_INV#398.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5056

memory/5056-133-0x00000249996F0000-0x00000249996F8000-memory.dmp

Filesize
32KB

Download
memory/5056-134-0x0000024999740000-0x0000024999774000-memory.dmp

Filesize
208KB

Download