icedid | d41dc7c994809fa657b8217c6be5ff4f42a7daa61a14f5e711ce4d822bdeba70

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 03:02

Target

a39e271f41128641553d2c6a7bb2d4c5_JaffaCakes118.dll
Size

120KB
MD5

a39e271f41128641553d2c6a7bb2d4c5
SHA1

70f7f5e2feea4a17bfd4af1591ff7869f88b5a92
SHA256

d41dc7c994809fa657b8217c6be5ff4f42a7daa61a14f5e711ce4d822bdeba70
SHA512

cff761348de074f250a4df3c7cf380ac5ec217cfc02bda4490c33d1b3189279fd64cd7717289f071433879ff01a571911193b1239c70f7511c9eccd9a5257fe1
SSDEEP

3072:za+dUDMZJjkzSzh25YohAUwr3XnsOOujmZOtw:wMZSzSzhA1rwDXnhZCSw

Score

10^/10

Family

icedid

loadwe4.casa

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 4 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/2356-0-0x0000000000E80000-0x0000000000E8A000-memory.dmp	IcedidFirstLoader
behavioral2/memory/2356-4-0x0000000000E90000-0x0000000000E98000-memory.dmp	IcedidFirstLoader
behavioral2/memory/2356-7-0x0000000000BE0000-0x0000000000BE8000-memory.dmp	IcedidFirstLoader
behavioral2/memory/2356-8-0x0000000000F50000-0x0000000000F56000-memory.dmp	IcedidFirstLoader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3180 wrote to memory of 2356	3180	regsvr32.exe	regsvr32.exe
PID 3180 wrote to memory of 2356	3180	regsvr32.exe	regsvr32.exe
PID 3180 wrote to memory of 2356	3180	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a39e271f41128641553d2c6a7bb2d4c5_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3180

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a39e271f41128641553d2c6a7bb2d4c5_JaffaCakes118.dll
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:2508

memory/2356-0-0x0000000000E80000-0x0000000000E8A000-memory.dmp

Filesize
40KB

Download
memory/2356-4-0x0000000000E90000-0x0000000000E98000-memory.dmp

Filesize
32KB

Download
memory/2356-7-0x0000000000BE0000-0x0000000000BE8000-memory.dmp

Filesize
32KB

Download
memory/2356-8-0x0000000000F50000-0x0000000000F56000-memory.dmp

Filesize
24KB

Download