Analysis

  • max time kernel
    141s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 22:29

General

  • Target

    JaffaCakes118_1f2f0e04f1c6dc60110e43b1ab6a3d835e58a81d3b7e8ee051b7a29902b0bb11.dll

  • Size

    490KB

  • MD5

    f87e03a20816ab37e5096cedf293f58b

  • SHA1

    2a9510334829c308d1da07e14f8906887c4a1bc5

  • SHA256

    1f2f0e04f1c6dc60110e43b1ab6a3d835e58a81d3b7e8ee051b7a29902b0bb11

  • SHA512

    74f4881b786515721bc435bbf904b31af52082414ad50edc004eb73ea8b3c122c9558f9b0c282dd20e46e90ef1b630e33105fd88d44eef234eea3361ea72587f

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRra:knmj6xK1y3Ik6TZGRG

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1f2f0e04f1c6dc60110e43b1ab6a3d835e58a81d3b7e8ee051b7a29902b0bb11.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2716-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

    Filesize

    56KB

  • memory/2716-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

    Filesize

    56KB