icedid | a575828b7ade59cada52cc453afd961f5c5d150fb01ad21e2a8a2652bb6d1790

Analysis

max time kernel
142s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 23:07

Target

JaffaCakes118_a575828b7ade59cada52cc453afd961f5c5d150fb01ad21e2a8a2652bb6d1790.dll
Size

490KB
MD5

269feb6eec1308d9a3e9259393a65ec1
SHA1

e0322fffde64054bcf64e9327420dd06ba05d2db
SHA256

a575828b7ade59cada52cc453afd961f5c5d150fb01ad21e2a8a2652bb6d1790
SHA512

0ac796f61197cf2ea5472b0c8183263548fa3f77ccdc70bff3d1819c59d2b17f7d639709441bfe51f45802a038cb71fc00bffbb8efae4870c12317168b55a184
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRSD:knmj6xK1y3Ik6TZGRSD

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4692	regsvr32.exe
4692	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a575828b7ade59cada52cc453afd961f5c5d150fb01ad21e2a8a2652bb6d1790.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4692

memory/4692-0-0x0000000002C60000-0x0000000002C6E000-memory.dmp

Filesize
56KB

Download
memory/4692-1-0x0000000002C60000-0x0000000002C6E000-memory.dmp

Filesize
56KB

Download