Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_91562d18 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_48029e37 Author: unknown |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects IceID / Bokbot variants Author: ditekSHen |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_91562d18 Author: unknown |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_48029e37 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects IceID / Bokbot variants Author: ditekSHen |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_91562d18 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_48029e37 Author: unknown |
Source: 00000003.00000002.431671660.0000000180004000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown |
Source: 00000003.00000002.431665923.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown |
Source: 00000003.00000002.431665923.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_91562d18 Author: unknown |
Source: 00000003.00000002.431665923.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_48029e37 Author: unknown |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_0b62e783 Author: unknown |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_91562d18 Author: unknown |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_48029e37 Author: unknown |
Source: Process Memory Space: rundll32.exe PID: 2700, type: MEMORYSTR | Matched rule: Windows_Trojan_IcedID_11d24d35 Author: unknown |
Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06 |
Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.212802e97b8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_IceID author = ditekSHen, description = Detects IceID / Bokbot variants |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06 |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.180000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_IceID author = ditekSHen, description = Detects IceID / Bokbot variants |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06 |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09 |
Source: 3.2.rundll32.exe.212802e97b8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09 |
Source: 00000003.00000002.431671660.0000000180004000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06 |
Source: 00000003.00000002.431665923.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09 |
Source: 00000003.00000002.431665923.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09 |
Source: 00000003.00000002.431665923.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09 |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06 |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_0b62e783 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 2f473fbe6338d9663808f1a3615cf8f0f6f9780fbce8f4a3c24f0ddc5f43dd4a, id = 0b62e783-5c1a-4377-8338-1c53194b8d01, last_modified = 2022-06-09 |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_91562d18 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 024bbd15da6bc759e321779881b466b500f6364a1d67bbfdc950aedccbfbc022, id = 91562d18-28a1-4349-9e4b-92ad165510c9, last_modified = 2022-06-09 |
Source: 00000003.00000002.431790390.00000212802D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_IcedID_48029e37 reference_sample = b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a, os = windows, severity = x86, creation_date = 2022-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 375266b526fe14354550d000d3a10dde3f6a85e11f4ba5cab14d9e1f878de51e, id = 48029e37-b392-4d53-b0de-2079f6a8a9d9, last_modified = 2022-06-09 |
Source: Process Memory Space: rundll32.exe PID: 2700, type: MEMORYSTR | Matched rule: Windows_Trojan_IcedID_11d24d35 reference_sample = b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982, os = windows, severity = x86, creation_date = 2022-02-16, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.IcedID, fingerprint = 155e5df0f3f598cdc21e5c85bcf21c1574ae6788d5f7e0058be823c71d06c21e, id = 11d24d35-6bff-4fac-83d8-4d152aa0be57, last_modified = 2022-04-06 |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\y2D56.tmp.dll" | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\y2D56.tmp.dll,JfUksQmDGYQRSQfC | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\y2D56.tmp.dll,MVeMOgOlu | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\y2D56.tmp.dll,OnqcowdLVOpj | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",JfUksQmDGYQRSQfC | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",MVeMOgOlu | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",OnqcowdLVOpj | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",aXXRQNg | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",agetCYHzlW | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",#1 | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\y2D56.tmp.dll,JfUksQmDGYQRSQfC | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\y2D56.tmp.dll,MVeMOgOlu | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\y2D56.tmp.dll,OnqcowdLVOpj | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",JfUksQmDGYQRSQfC | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",MVeMOgOlu | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",OnqcowdLVOpj | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",aXXRQNg | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",agetCYHzlW | Jump to behavior |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\y2D56.tmp.dll",#1 | Jump to behavior |