Analysis
-
max time kernel
148s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
17-06-2024 03:16
General
-
Target
e1acdcf523f6bf29cd553ca1a93669105152573027fbc1a0d9564b4d3aa21116.dll
-
Size
238KB
-
MD5
1baca172e73f892549e5b12dc32c6d93
-
SHA1
9594914e80c6cff476d4c4840ad89b86d636adfe
-
SHA256
e1acdcf523f6bf29cd553ca1a93669105152573027fbc1a0d9564b4d3aa21116
-
SHA512
3ab5866a74cadfd82ad962e83d11da9f330ea14c7d41788c105a8a1d9b95307749129975adbc27deb0736ecba481930a368d288539a295d345b212bbc2a72479
-
SSDEEP
3072:3cyTX/cSJmG1vE3mkBfS25wdz0ND42raiEqrR59RQjQdQNZQKM/tXQlQjmeb+xUQ:3J0Y/E3x5S26CBaiprRkGV1mebO1gl4
Score
10/10
Malware Config
Extracted
Family
icedid
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
IcedID Second Stage Loader 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e1acdcf523f6bf29cd553ca1a93669105152573027fbc1a0d9564b4d3aa21116.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e1acdcf523f6bf29cd553ca1a93669105152573027fbc1a0d9564b4d3aa21116.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1744-1-0x00000000748B0000-0x00000000748FF000-memory.dmpFilesize
316KB
-
memory/1744-0-0x00000000748EC000-0x00000000748F0000-memory.dmpFilesize
16KB