Overview

overview

10

Static

static

1

4cc7663329...f7.exe

windows7-x64

10

4cc7663329...f7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-08-2023 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cc7663329f91a4d1f4b6779fe337f42e1eec71243fbcf02dfe35c7b27ddf0f7.exe

  • Size

    746KB

  • MD5

    3cd87c278d138730ea1e25bec37269ce

  • SHA1

    b12fc8516eefa22746b1f89fae8354cd921cd5c6

  • SHA256

    4cc7663329f91a4d1f4b6779fe337f42e1eec71243fbcf02dfe35c7b27ddf0f7

  • SHA512

    3054cf9f994ff824a6d68bf14ce0b9e5d8d52d47a4a3415b2d743dfeb8f72774c7c0f410be8019ff4a3e7d183aa167f47d40cf2f1b18e8fc2c4f4061267280cf

  • SSDEEP

    12288:70ay9GcCbbIBbDJSY/ID933D4wY4hZ1cwp6KlQJ/5Ok4yM/U22E:75y9VGkgwgnUwp6KMXapj

Score
10/10
icedid3965418973bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3965418973

C2

mineskateroff.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cc7663329f91a4d1f4b6779fe337f42e1eec71243fbcf02dfe35c7b27ddf0f7.exe
    "C:\Users\Admin\AppData\Local\Temp\4cc7663329f91a4d1f4b6779fe337f42e1eec71243fbcf02dfe35c7b27ddf0f7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/968-133-0x000001D87E830000-0x000001D87E871000-memory.dmp

    Filesize

    260KB

    Download

  • memory/968-135-0x000001D87E790000-0x000001D87E798000-memory.dmp

    Filesize

    32KB

    Download