Overview

overview

10

Static

static

3

12477b117f...11.dll

windows7-x64

10

12477b117f...11.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12477b117fa97bc5723f5e796ed76a11.dll

  • Size

    313KB

  • MD5

    12477b117fa97bc5723f5e796ed76a11

  • SHA1

    d4851602a60e878c5e43c548c6fe8ed670f84df1

  • SHA256

    0abbc51344d6b5f489d664fe024aa472b1e76592aa883ed777b23db550f9f94e

  • SHA512

    13beaac2d31719a1cc394793265c6b54ea83cb9b3e528a9289d30c02859b8677b53192e7a55190b2fb9c4fe321fc553f571d6199fca1b6bce1024f740a861202

  • SSDEEP

    3072:sb+2Xqz9iqQvgFEahrOombc/q72r7PnAhCB/:I+2Xqz9ivICYrOombc/q72r7PnAG

Score
10/10
icedid2925066312bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2925066312

C2

barcafokliresd.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12477b117fa97bc5723f5e796ed76a11.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2732-0-0x0000000002E40000-0x0000000002E86000-memory.dmp
    Filesize

    280KB

    Download