icedid | e7636efbaf3e170af8f7cbc36f4c030f3df0bc89547186ddfe03e66a5c8c0b92

Resubmissions

28-06-2024 11:41

28-06-2024 06:30

max time kernel
96s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 11:41

Target

191f0a5dd7622595d3d38decf8061c05_JaffaCakes118.dll
Size

3.0MB
MD5

191f0a5dd7622595d3d38decf8061c05
SHA1

bded0a27fd4b759642720f8fbd4470a168f75576
SHA256

e7636efbaf3e170af8f7cbc36f4c030f3df0bc89547186ddfe03e66a5c8c0b92
SHA512

a1d2f5b4055c705f4e6f0394ff8b10127c8802d96e87722a34a6eaa0968d34853a9279de497d837c8b45c439e763bb2a65f4207c7e9db1a1165cbc99c96fa952
SSDEEP

49152:EBKs6yFyQqn4ZvgZ3aj+wvLoK/DVcONC/LzUX0QrxwyrIrP1VRmmnsQYp:EB36Sy94y3ajroKbCDoWPRT

Score

10^/10

Family

icedid

Campaign

3744237144

hommyfloppy.best

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

loader

Processes:

resource	yara_rule
behavioral2/memory/4508-0-0x00007FF841FC0000-0x00007FF842429000-memory.dmp	IcedidFirstLoader

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/4508-0-0x00007FF841FC0000-0x00007FF842429000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

4508 regsvr32.exe
4508 regsvr32.exe

pid	process
4508	regsvr32.exe
4508	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\191f0a5dd7622595d3d38decf8061c05_JaffaCakes118.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4508

memory/4508-0-0x00007FF841FC0000-0x00007FF842429000-memory.dmp

Filesize
4.4MB

Download