icedid | 0cf89c759064b298ec0a1d9fda5c651b58bc7f89665eb4dea0778c2611e110d1

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 21:13

Target

98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll
Size

108KB
MD5

69ea2a59a9b647a323fda98fdce6f977
SHA1

dadaa5977b73957bc6046a7caba9d06ebf55bc75
SHA256

98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32
SHA512

b093ce66a0f7e8d6b0ab8db725de4a80b24090fde30f5747cfebf55870c6913f2831a3ddba0edf86c6fe1826e8d35fffc34466abe135f525aed258b13b649db8
SSDEEP

1536:nrMmn5iWp5sYUmPqzksTqB/mLfFTtQ+zHB9MU:nA25iYe2aYKfFi+zHvMU

Score

10^/10

Family

icedid

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/552-0-0x0000000010000000-0x0000000010022000-memory.dmp	IcedidSecondLoader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1252 wrote to memory of 552	1252	rundll32.exe	rundll32.exe
PID 1252 wrote to memory of 552	1252	rundll32.exe	rundll32.exe
PID 1252 wrote to memory of 552	1252	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98d53f27e6d39ba36df22aa2bda5e719e92264f4a188e143fee5bbbaef636a32.dll,#1
2⤵
PID:552

memory/552-0-0x0000000010000000-0x0000000010022000-memory.dmp

Filesize
136KB

Download
memory/552-1-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download