icedid | 2ec081a000189d3b3546949fa0bbe08914c651f69265c3b57ddf7c03b296f249

Analysis

max time kernel
68s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 01:47

Target

5d33b73e4e2c730b4d0cce23ece2c120N.dll
Size

454KB
MD5

5d33b73e4e2c730b4d0cce23ece2c120
SHA1

9f56233865008afde7b59f01aa9dcc25a9b5260f
SHA256

2ec081a000189d3b3546949fa0bbe08914c651f69265c3b57ddf7c03b296f249
SHA512

b5b1aa0bc79c967574b9ee3b5e394a31dc4db65ce8a1ea8d8b0deb86478ef41674d2674215372258be4a47a9e1fd86105cfba1015b1fcb85f91539156a5a211a
SSDEEP

6144:UnBSboezY580J0f7wOnhulNrr5P1rh/KCeO9mHT2gjn3V1Afgsd1/T7FWQ+I7BFB:+aoeT0lwCeOA3rYgoVZ

Score

10^/10

Family

icedid

Campaign

512092511

alkaliodplus.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

3056 rundll32.exe
3056 rundll32.exe

pid	process
3056	rundll32.exe
3056	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d33b73e4e2c730b4d0cce23ece2c120N.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3056

memory/3056-0-0x00000000001B0000-0x00000000001B6000-memory.dmp

Filesize
24KB

Download
memory/3056-1-0x00000000001C0000-0x00000000001C9000-memory.dmp

Filesize
36KB

Download