Resubmissions

  • 04-10-2024 16:44    241004-t8yv3syhpd    10
  • 27-09-2024 16:54    240927-vepkzsvbre    10
  • 27-09-2024 16:44    240927-t86wpavard    10
  • 04-08-2024 18:04    240804-wnq1vawbpg    10
  • 03-08-2024 17:26    240803-vzvbzazekn    10
  • 03-08-2024 16:14    240803-tpp4tsshqa    10
  • 03-08-2024 15:52    240803-tbarzsseqc    10
  • 31-07-2024 19:40    240731-ydk3yszdpq    10
  • 31-07-2024 10:53    240731-my145atfmf    10

Analysis

  • max time kernel
    661s
  • max time network
    667s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    31-07-2024 19:40

General

  • Target

    1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.dll

  • Size

    38KB

  • MD5

    a4017c06209e16b8f47fcf6e5845aba9

  • SHA1

    66d99a1cc92ed316e0d7a2ab6df466c289154ec3

  • SHA256

    1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34

  • SHA512

    52e4df915b3cb6eb60a3f37874b0d8a14646ffadb9aa621cf8ea3fb04b5cbb4250fb9cec3a2ed8722a7eae4b600836b5b7bf72e53e297e464fb844096a9b2f5e

  • SSDEEP

    768:tojIJWP0znqX60+KU6nCVUO2gTjZSXulSJ474fLv/zkSf2Vz:NnqXn+YoQ+lu474zo

Malware Config

Extracted

Family

icedid

Campaign

1910897067

C2

epicprotovir.download

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:4924
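The process tree above shows the sample being executed through regsvr32 /s from the user's Temp directory, a living-off-the-land pattern (ATT&CK T1218.010, Signed Binary Proxy Execution: Regsvr32) that leaves a clear footprint in endpoint telemetry. The following hunting logic is an added example, not part of the sandbox report: it evaluates Sysmon-style process-creation (EventID 1) and image-load (EventID 7) events against two checks, regsvr32 registering a DLL that lives in a user-writable directory, and a loaded module whose hash matches the MD5/SHA256 listed for this sample. The field names follow Sysmon's schema; the event records themselves are constructed inline and modelled on the PID 4924 entry above.

```python
"""Hunting rules for the regsvr32 DLL-execution pattern in the report above.

Added example (not part of the sandbox report). Sysmon-style events are
constructed inline below and checked for:
  * regsvr32.exe registering a DLL from a user-writable directory
    (the LOLBin pattern seen in the report, ATT&CK T1218.010), and
  * a loaded image whose hash matches the sample's MD5/SHA256.
"""
import re
from typing import Dict, List, Tuple

# Hashes of the analysed DLL, taken from the report's General section.
KNOWN_BAD = {
    "MD5": {"a4017c06209e16b8f47fcf6e5845aba9"},
    "SHA256": {"1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34"},
}

# Paths an unprivileged user can write to. A DLL handed to regsvr32 from here
# is far more suspicious than one under %SystemRoot% or Program Files.
USER_WRITABLE = re.compile(
    r"\\(?:users\\[^\\]+\\(?:appdata|downloads|desktop|documents)"
    r"|users\\public|programdata|windows\\temp)\\",
    re.IGNORECASE,
)
REGSVR32 = re.compile(r"(?:^|\\)regsvr32\.exe$", re.IGNORECASE)
# First .dll/.ocx argument, quoted or bare. Windows command lines are not
# POSIX-quoted, so shlex is deliberately not used here.
DLL_ARG = re.compile(r'"([^"]+\.(?:dll|ocx))"|(\S+\.(?:dll|ocx))', re.IGNORECASE)
SILENT = re.compile(r"(?:^|\s)[/-]s(?=\s|$)", re.IGNORECASE)


def parse_hashes(field: str) -> Dict[str, str]:
    """Sysmon 'Hashes' field ('MD5=...,SHA256=...') -> {'MD5': '...', ...}."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def analyse_event(ev: Dict[str, object]) -> List[str]:
    """Return the reasons an event is suspicious; an empty list means no finding."""
    reasons: List[str] = []
    image = str(ev.get("Image", ""))
    cmdline = str(ev.get("CommandLine", ""))

    if ev.get("EventID") == 1 and REGSVR32.search(image):
        m = DLL_ARG.search(cmdline)
        dll = (m.group(1) or m.group(2)) if m else ""
        if dll and USER_WRITABLE.search(dll):
            reasons.append(f"regsvr32 registering DLL from user-writable path: {dll}")
            if SILENT.search(cmdline):
                reasons.append("silent flag (/s) suppresses the registration dialog")

    if ev.get("EventID") == 7:
        loaded = str(ev.get("ImageLoaded", ""))
        hashes = parse_hashes(str(ev.get("Hashes", "")))
        for algo, bad in KNOWN_BAD.items():
            if hashes.get(algo) in bad:
                reasons.append(f"{algo} of loaded image matches known IcedID sample")
                break
        if (REGSVR32.search(image) and USER_WRITABLE.search(loaded)
                and str(ev.get("Signed", "false")).lower() != "true"):
            reasons.append(f"regsvr32 loaded unsigned module from user-writable path: {loaded}")
    return reasons


def scan(events: List[Dict[str, object]]) -> List[Tuple[int, str]]:
    """Apply analyse_event to every event; returns (ProcessId, reason) pairs."""
    return [(int(str(ev.get("ProcessId", 0))), r) for ev in events for r in analyse_event(ev)]


# Constructed sample telemetry modelled on the report's process tree (PID 4924).
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 1, "ProcessId": 4924, "Image": r"C:\Windows\system32\regsvr32.exe",
     "CommandLine": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.dll"},
    {"EventID": 7, "ProcessId": 4924, "Image": r"C:\Windows\system32\regsvr32.exe",
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34.dll",
     "Hashes": "MD5=a4017c06209e16b8f47fcf6e5845aba9,SHA256=1820a0542f5950fd92ffa787cf09377a14d0fb42f0fa7419366090a5771a5f34",
     "Signed": "false"},
    # Benign noise: registering a system OCX, and explorer loading shell32.
    {"EventID": 1, "ProcessId": 5120, "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32 /s "C:\Windows\System32\wshom.ocx"'},
    {"EventID": 7, "ProcessId": 1337, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll",
     "Hashes": "MD5=00000000000000000000000000000000", "Signed": "true"},
]

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: {reason}")
```

The hash check is only meaningful on image-load events, because Sysmon's Hashes field on a process-creation event describes the host binary (regsvr32.exe itself), not the DLL it was told to register; the path check on the command line is what catches the pattern before the module is even mapped.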

Network

MITRE ATT&CK Matrix


Downloads

  • memory/4924-0-0x0000000002890000-0x00000000028EB000-memory.dmp

    Filesize

    364KB