Overview

overview

10

Static

static

3

dll64.dll

windows7-x64

10

dll64.dll

windows10-2004-x64

10

svchost.exe

windows7-x64

10

svchost.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2024 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dll64.dll

  • Size

    43KB

  • MD5

    cfad79ca83be1a597222a14d4afb8dbd

  • SHA1

    4c2f0f0fad519bcbe7616fd0452dcfb9b0fb2081

  • SHA256

    e53d34c5a00e62c90781e918fd5a198475d259a9017cd2b1b5d9b91350c1e876

  • SHA512

    8abf010ebd670d90f06e0d2a8e92d84ff8dd3ab3cac03bb11cc5e344a26fb19afae033d86e8f77ecbe2ed0c5b960b42fe7b59a2cbd160f88fd091cd5904f1af4

  • SSDEEP

    768:d39DqSdbgOgeRFb8w0E0o9z77Q+bDjBWSNMghNTbDKTvNo4ROIaSJd:L3dFRZ8wUG/DNBVbDKTi4RySJd

Score
10/10
icedid2642071409bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2642071409

C2

netmoscito2.uno

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Icedid family
    icedid
  • IcedID First Stage Loader 1 IoCs
    loader
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dll64.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1792-1-0x0000000001040000-0x0000000001047000-memory.dmp

    Filesize

    28KB

    Download