Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    21-12-2024 22:08

General

  • Target

    JaffaCakes118_61bb27431d005452b5a8f134f03635cd2114f8a0043cb0c81c08cb1dde193865.dll

  • Size

    490KB

  • MD5

    09b52ea85a5f496b537c03173bccee5b

  • SHA1

    8f865117a1ab8acca3bce07fcc22964e1f558a9b

  • SHA256

    61bb27431d005452b5a8f134f03635cd2114f8a0043cb0c81c08cb1dde193865

  • SHA512

    a2a3a4d391acd8685573a3dbacf513dbfd60ef46fe478149fc0e7363e952fa9cd82983a70c022570fdc90ccb6613a4687da66f1c8131d88d339067a432e48bd4

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR3:knmj6xK1y3Ik6TZGR3

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_61bb27431d005452b5a8f134f03635cd2114f8a0043cb0c81c08cb1dde193865.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1648

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1648-0-0x00000000013C0000-0x00000000013CE000-memory.dmp

    Filesize

    56KB

  • memory/1648-1-0x00000000013C0000-0x00000000013CE000-memory.dmp

    Filesize

    56KB