Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-07-2024 15:50

General

  • Target

    5075e3a2ac31a24a7e702a9c874f6282_JaffaCakes118.exe

  • Size

    142KB

  • MD5

    5075e3a2ac31a24a7e702a9c874f6282

  • SHA1

    e5b8c76e5dd399ddda7b0e90f8e437844cdd0634

  • SHA256

    433916382658909eddfca653bb6e6b951a7fec66020b205590a88883ad04d65e

  • SHA512

    0193070874e3e6f64ac698407cc00667fd0e7a5a4bca32c4b54f38c4e25bece5314bf57c83fa9fe18e7c32273ffccfa08295188997d6b33f775fce62b9789714

  • SSDEEP

    3072:YF+XutWYJ5mGCOdaurghr0cd1Pc/vyoS6OVXubST5DzBfO0r:OzoYaukl6io9O6Sl/

Malware Config

Extracted

Family

icedid

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • IcedID Second Stage Loader 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5075e3a2ac31a24a7e702a9c874f6282_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5075e3a2ac31a24a7e702a9c874f6282_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    PID:1496

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1496-0-0x00000000004B2000-0x00000000004B6000-memory.dmp

    Filesize

    16KB

  • memory/1496-1-0x0000000000490000-0x0000000000627000-memory.dmp

    Filesize

    1.6MB