icedid | 8efa3aea51c2da764f118b7808fa096c3e3a841b676b1e046cdd6ad50cf8af3d

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 21:24

Target

7a946bfc8ca85ad16bf66ecabb4ccdec_JaffaCakes118.dll
Size

214KB
MD5

7a946bfc8ca85ad16bf66ecabb4ccdec
SHA1

0c5014dcdcf28f11f31c13e3fb3ef6ae5559f628
SHA256

8efa3aea51c2da764f118b7808fa096c3e3a841b676b1e046cdd6ad50cf8af3d
SHA512

f667e6badebdc6a8bc677bb54f073112b70b7896c41b04d40a47880d5ccb47082996fc2e04aeabb55888d92d269a3b1d650bdf190eb25f058560a311cbd326c3
SSDEEP

6144:54+U6OuNhTIXJnxeecA9ikbl4yB6ETGzM0yT:a+U6Oseh9cA/lV6ETGw0yT

Score

10^/10

Family

icedid

ldrshekel.casa

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
behavioral1/memory/1652-1-0x0000000074E00000-0x0000000074E97000-memory.dmp	IcedidFirstLoader

Blocklisted process makes network request 32 IoCs

Processes:

rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 1652	2112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a946bfc8ca85ad16bf66ecabb4ccdec_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a946bfc8ca85ad16bf66ecabb4ccdec_JaffaCakes118.dll,#1
2⤵
- Blocklisted process makes network request
PID:1652

memory/1652-0-0x0000000074E34000-0x0000000074E38000-memory.dmp

Filesize
16KB

Download
memory/1652-1-0x0000000074E00000-0x0000000074E97000-memory.dmp

Filesize
604KB

Download