Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 21:43

General

  • Target

    JaffaCakes118_758b46491f279e59d44415012634a977b720097c419f202318aa72c476c54f58.dll

  • Size

    490KB

  • MD5

    f009ebcb2e7d8f32144bca461befdaf7

  • SHA1

    efeba4712c7f54562b47c48d79bbb10ffdd8e71b

  • SHA256

    758b46491f279e59d44415012634a977b720097c419f202318aa72c476c54f58

  • SHA512

    bfb73239d00fe8884e61db1e61c863f84b9e092c98884fff66fe6ae7ed8af9eedf366e9e19ee1f459a03b55b32a18a75d2f10ff701ed13250452aa3d6b1fc7e6

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRu:knmj6xK1y3Ik6TZGRu

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_758b46491f279e59d44415012634a977b720097c419f202318aa72c476c54f58.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3464-0-0x00000000012C0000-0x00000000012CE000-memory.dmp

    Filesize

    56KB

  • memory/3464-1-0x00000000012C0000-0x00000000012CE000-memory.dmp

    Filesize

    56KB