Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-05-2024 03:29

General

  • Target

    7b8b3de47c3fd708b0bf453fac1ff706_JaffaCakes118.dll

  • Size

    211KB

  • MD5

    7b8b3de47c3fd708b0bf453fac1ff706

  • SHA1

    ccf109d735ced74a4e45c6b6fdba0714134d3a69

  • SHA256

    6571b88739b154807adbbe7b8d3ff75543887405f066489fb773a2186b862132

  • SHA512

    0734d5ef4568a0fee0dd7fa2b932e4fdeaaea9737bf891805b5c09ddce52dad4e1ca01a705d3139db284b655a99283f282f8440eec237aefe16595fdce1f3b1c

  • SSDEEP

    6144:6ZLwbyyWMa3NIBkL6LDW8dTZdw702edvxiuYOO6umz4N:6ZLwbyyHadIBkLIi8dTL2SvguYOO1mkN

Malware Config

Extracted

Family

icedid

C2

ldrstar.casa

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID First Stage Loader 2 IoCs
  • Blocklisted process makes network request 12 IoCs
  • Program crash 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b8b3de47c3fd708b0bf453fac1ff706_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b8b3de47c3fd708b0bf453fac1ff706_JaffaCakes118.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:2000
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 636
        3⤵
        • Program crash
        PID:836
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 808
        3⤵
        • Program crash
        PID:4756
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 840
        3⤵
        • Program crash
        PID:4696
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 920
        3⤵
        • Program crash
        PID:3548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 1120
        3⤵
        • Program crash
        PID:4456
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3588
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2000 -ip 2000
    1⤵
    PID:3392
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2000 -ip 2000
    1⤵
    PID:1928
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2000 -ip 2000
    1⤵
    PID:1564
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2000 -ip 2000
    1⤵
    PID:220
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2000 -ip 2000
    1⤵
    PID:1392

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2000-0-0x0000000075113000-0x0000000075117000-memory.dmp

    Filesize

    16KB

  • memory/2000-1-0x00000000750E0000-0x000000007516C000-memory.dmp

    Filesize

    560KB

  • memory/2000-2-0x00000000750E0000-0x000000007516C000-memory.dmp

    Filesize

    560KB