icedid | ab08d113bb0f4fb6aa96997d03853aac162f93d8e6926de224186ab35255f310

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 22:32

Target

61249740d1ecb3a12f4652e17c745802_JaffaCakes118.dll
Size

211KB
MD5

61249740d1ecb3a12f4652e17c745802
SHA1

7052e7962eab69ab2e6425a10931a008d4736284
SHA256

ab08d113bb0f4fb6aa96997d03853aac162f93d8e6926de224186ab35255f310
SHA512

90f56a0534297b6aaacc40573121e8c46e06ad4b3be8ce1a1eaf9ac788589a00f52cc6f1939b4dfde7c278e2d18fc80ddd84a2a01a05773487ba4912b1f11338
SSDEEP

6144:6ZLw/yyWMa3NIBkL6LDW8dTZdw702edvxiuYOO6umz4N:6ZLw/yyHadIBkLIi8dTL2SvguYOO1mkN

Score

10^/10

Family

icedid

ldrstar.casa

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
behavioral1/memory/2700-1-0x0000000074A70000-0x0000000074AFC000-memory.dmp	IcedidFirstLoader

Blocklisted process makes network request 36 IoCs

Processes:

rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2700	2368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61249740d1ecb3a12f4652e17c745802_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61249740d1ecb3a12f4652e17c745802_JaffaCakes118.dll,#1
2⤵
- Blocklisted process makes network request
PID:2700

memory/2700-0-0x0000000074AA3000-0x0000000074AA7000-memory.dmp

Filesize
16KB

Download
memory/2700-1-0x0000000074A70000-0x0000000074AFC000-memory.dmp

Filesize
560KB

Download