Overview

overview

10

Static

static

3

4ce06b6759...18.dll

windows7-x64

10

4ce06b6759...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-05-2024 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ce06b6759df2f433c1da9a8100d3c03_JaffaCakes118.dll

  • Size

    214KB

  • MD5

    4ce06b6759df2f433c1da9a8100d3c03

  • SHA1

    c2468348f90f1dd05962bf93c9ab1833e7bad115

  • SHA256

    ea1d92c3d94727066636b93e3cfe85331eb2865e15f86bc20978be99272ddb0d

  • SHA512

    9e611a944a8f8eecf7cbbfc70c6e25904095c400db72b1f45e3028a7f187a77d2c785c7b7e25bf8733453bfa01934c3e29eb93ddde09e23ce3da3435a0404e9c

  • SSDEEP

    6144:54+U6OuehTIXJnxeecA9ikbl4yB6ETGzM0yT:a+U6O7eh9cA/lV6ETGw0yT

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

ldrshekel.casa

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 1 IoCs
    loader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ce06b6759df2f433c1da9a8100d3c03_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3308
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ce06b6759df2f433c1da9a8100d3c03_JaffaCakes118.dll,#1
      2⤵
        PID:4268
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 596
          3⤵
          • Program crash
          PID:232
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4268 -ip 4268
      1⤵
        PID:1556

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4268-0-0x0000000074FD4000-0x0000000074FD8000-memory.dmp

        Filesize

        16KB

        Download

      • memory/4268-1-0x0000000074FA0000-0x0000000075037000-memory.dmp

        Filesize

        604KB

        Download

      • memory/4268-3-0x0000000074FA0000-0x0000000075034000-memory.dmp

        Filesize

        592KB

        Download

      • memory/4268-2-0x0000000074FD4000-0x0000000074FD8000-memory.dmp

        Filesize

        16KB

        Download