Overview

overview

10

Static

static

3

bb07723c01...0N.dll

windows7-x64

10

bb07723c01...0N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2024 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb07723c010f64482d6de10e2a897270N.dll

  • Size

    173KB

  • MD5

    bb07723c010f64482d6de10e2a897270

  • SHA1

    09e116023eb512f3e105617bb8022324d717f843

  • SHA256

    99653d8351b6c3cb96079abe70f95b8c5f740d9d7247713bed88b1e2ef28a802

  • SHA512

    6b64c810b7369e1e86a8d98808774bb746c0e452c2680d284d611d29cdec8a5c20436eeb5f11aef81d22ffebeb60a3d452c350c8b57b904fc28455ee64c8bf34

  • SSDEEP

    1536:CY53MNyZS2TinPvX+3pBn9EYm3lHMyYoTivfAy8nUIJcevW7/qANtCAV:x530ysqinXU39E/3lRAG5ewq

Score
10/10
icedid4213125251bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

4213125251

C2

asforthemines99.uno

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bb07723c010f64482d6de10e2a897270N.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1636-0-0x00000000003E0000-0x00000000003E7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1636-1-0x00000000003E0000-0x00000000003E7000-memory.dmp

    Filesize

    28KB

    Download