icedid | 808d4995650c4c4b2aeec8ce3dcbce22a3a48045d441335b5685a7f720f85976

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2024 15:58

Target

94edbafae7e1fef0f952ac0c071a209f.dll
Size

49KB
MD5

94edbafae7e1fef0f952ac0c071a209f
SHA1

d4a8609862e2a57344ffa9780c3a47bdd1a17381
SHA256

808d4995650c4c4b2aeec8ce3dcbce22a3a48045d441335b5685a7f720f85976
SHA512

942876c124a7eae25134d691e76b6558d33836a1bde21eeca56fe8d72df9bd8c71b61a1a769c8e7db6d28b0a188a8a89b008f2293840aea63f59060d980f191d
SSDEEP

768:y9BIx5TpMEQDqtg30IWHpVxs+CER4HbI+nFVYfcIjQXHY+J:RpM3D/30A+Ck+nDY0IjQ31

Score

10^/10

Family

icedid

Campaign

313021985

neverbiglik.top

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
640	regsvr32.exe
640	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\94edbafae7e1fef0f952ac0c071a209f.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:640

memory/640-0-0x0000000002970000-0x00000000029D3000-memory.dmp

Filesize
396KB

Download