Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2024 02:59

General

  • Target

    451963dd665cd79febd9719ab584508f.exe

  • Size

    268KB

  • MD5

    451963dd665cd79febd9719ab584508f

  • SHA1

    f6ef29271e2decedb690cd16e6868f4003b79ff2

  • SHA256

    c501656de205e3f4e511ad15279ced2dbeaf3f3d794fee02c6ebed322e0dcc85

  • SHA512

    48ba1df500952fe34b25db29e492a0bb76f7546dc585ea1e67cf276c3d84c943ddba22df001ce19e7d38461c38a1a9daf48fae81b9d53ea880a43e45f4edccc9

  • SSDEEP

    3072:msrPfC/9e+X6Mju6CEjdXlYhGW6P+5sjNDhQceI6sJF75hP1zTYde:PrKU466CIWhsjsce237RcM

Malware Config

Extracted

Family

icedid

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\451963dd665cd79febd9719ab584508f.exe
    "C:\Users\Admin\AppData\Local\Temp\451963dd665cd79febd9719ab584508f.exe"
    1⤵
      PID:4460

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4460-0-0x0000000000490000-0x00000000005D6000-memory.dmp

      Filesize

      1.3MB

    • memory/4460-1-0x0000000000970000-0x0000000000971000-memory.dmp

      Filesize

      4KB

    • memory/4460-2-0x0000000000490000-0x00000000005D6000-memory.dmp

      Filesize

      1.3MB

    • memory/4460-4-0x0000000000970000-0x0000000000971000-memory.dmp

      Filesize

      4KB