icedid | 99653d8351b6c3cb96079abe70f95b8c5f740d9d7247713bed88b1e2ef28a802

Analysis

max time kernel
114s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 09:20

Target

bb07723c010f64482d6de10e2a897270N.dll
Size

173KB
MD5

bb07723c010f64482d6de10e2a897270
SHA1

09e116023eb512f3e105617bb8022324d717f843
SHA256

99653d8351b6c3cb96079abe70f95b8c5f740d9d7247713bed88b1e2ef28a802
SHA512

6b64c810b7369e1e86a8d98808774bb746c0e452c2680d284d611d29cdec8a5c20436eeb5f11aef81d22ffebeb60a3d452c350c8b57b904fc28455ee64c8bf34
SSDEEP

1536:CY53MNyZS2TinPvX+3pBn9EYm3lHMyYoTivfAy8nUIJcevW7/qANtCAV:x530ysqinXU39E/3lRAG5ewq

Score

10^/10

Family

icedid

Campaign

4213125251

asforthemines99.uno

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

loader

resource	yara_rule
behavioral2/memory/1744-0-0x0000000001140000-0x0000000001147000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1744	regsvr32.exe
1744	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bb07723c010f64482d6de10e2a897270N.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1036,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
1⤵
PID:208

memory/1744-0-0x0000000001140000-0x0000000001147000-memory.dmp

Filesize
28KB

Download