Analysis
-
max time kernel
91s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10-05-2024 00:02
General
-
Target
2c59a019fc71eaa1c00220cb7a19bfde_JaffaCakes118.dll
-
Size
214KB
-
MD5
2c59a019fc71eaa1c00220cb7a19bfde
-
SHA1
870082e0c3a2a9a06ef9dce655f500d02ed0790c
-
SHA256
ad91cc0f5f38735a2a88df59382b93919a0f3112cae592f4a0477e20ef414469
-
SHA512
aeb2dba7cc52356eba30fd146bfe6ffe370b23f293913bd1fdf430aa0d8ec1cb4f289c06e2d6399a7ba7eb9eaa2142b8b5cbcdff1458719086097329d8ff002d
-
SSDEEP
6144:54+U6OuUhTIXJnxeecA9ikbl4yB6ETGzM0y:a+U6OZeh9cA/lV6ETGw0y
Score
10/10
Malware Config
Extracted
Family
icedid
C2
ldrshekel.casa
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
IcedID First Stage Loader 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2c59a019fc71eaa1c00220cb7a19bfde_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2c59a019fc71eaa1c00220cb7a19bfde_JaffaCakes118.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 5963⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2444 -ip 24441⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2444-0-0x0000000074B84000-0x0000000074B88000-memory.dmpFilesize
16KB
-
memory/2444-1-0x0000000074B50000-0x0000000074BE7000-memory.dmpFilesize
604KB
-
memory/2444-2-0x0000000074B84000-0x0000000074B88000-memory.dmpFilesize
16KB
-
memory/2444-3-0x0000000074B50000-0x0000000074BE4000-memory.dmpFilesize
592KB