Overview

overview

10

Static

static

3

7a946bfc8c...18.dll

windows7-x64

10

7a946bfc8c...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2024 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a946bfc8ca85ad16bf66ecabb4ccdec_JaffaCakes118.dll

  • Size

    214KB

  • MD5

    7a946bfc8ca85ad16bf66ecabb4ccdec

  • SHA1

    0c5014dcdcf28f11f31c13e3fb3ef6ae5559f628

  • SHA256

    8efa3aea51c2da764f118b7808fa096c3e3a841b676b1e046cdd6ad50cf8af3d

  • SHA512

    f667e6badebdc6a8bc677bb54f073112b70b7896c41b04d40a47880d5ccb47082996fc2e04aeabb55888d92d269a3b1d650bdf190eb25f058560a311cbd326c3

  • SSDEEP

    6144:54+U6OuNhTIXJnxeecA9ikbl4yB6ETGzM0yT:a+U6Oseh9cA/lV6ETGw0yT

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

ldrshekel.casa

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 1 IoCs
    loader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a946bfc8ca85ad16bf66ecabb4ccdec_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a946bfc8ca85ad16bf66ecabb4ccdec_JaffaCakes118.dll,#1
      2⤵
        PID:1088
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 596
          3⤵
          • Program crash
          PID:4120
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1088 -ip 1088
      1⤵
        PID:2684

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1088-0-0x00000000755F4000-0x00000000755F8000-memory.dmp

        Filesize

        16KB

        Download

      • memory/1088-1-0x00000000755C0000-0x0000000075657000-memory.dmp

        Filesize

        604KB

        Download

      • memory/1088-2-0x00000000755F4000-0x00000000755F8000-memory.dmp

        Filesize

        16KB

        Download

      • memory/1088-3-0x00000000755C0000-0x0000000075654000-memory.dmp

        Filesize

        592KB

        Download