icedid | 628c03c7f48d64ed9b2f79eb407a2931d9f6f627cf905b6a4d5342d6994e1841

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 18:19

Target

f7e374a58c6cf08108d81efc4253a1d724f04bd2e9f1d2dfba7879a2178a0d26.dll
Size

63KB
MD5

6c944a11f6e93a6d7222fad7acff0da9
SHA1

7b0616b84383ee0e06cb3b531cec905e68b2e6b2
SHA256

f7e374a58c6cf08108d81efc4253a1d724f04bd2e9f1d2dfba7879a2178a0d26
SHA512

d89064b126672ff627f1d200273f9fb63d436a96d02df297c0263958abcdf375a1c4edafe70b3bc7596ac7fca1a128dca91d7a328ec250c9aa4e2ca1eed20c03
SSDEEP

1536:0RKGpYwSMaTbQ01XUGYN0Jf1XppxcPswfUnrzzD0ezZmM4R:zGRSMeQ0idNA9XxcUi6rzP0eoM4R

Score

10^/10

Family

icedid

Campaign

3311923693

getmeaninwurz.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

3112 rundll32.exe
3112 rundll32.exe

pid	process
3112	rundll32.exe
3112	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7e374a58c6cf08108d81efc4253a1d724f04bd2e9f1d2dfba7879a2178a0d26.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3112

memory/3112-0-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download