icedid | 4533d7b368be3a5cc98b015ab71d67445d99ae19fe061cd94f90e7a23002f2d8

Analysis

max time kernel
100s
max time network
45s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 16:23

Target

4533d7b368be3a5cc98b015ab71d67445d99ae19fe061cd94f90e7a23002f2d8.dll
Size

490KB
MD5

cb44246d3675380068fc93263ad8fca5
SHA1

acb346fdaa40f9ea955416f514e8fbc334ad85ee
SHA256

4533d7b368be3a5cc98b015ab71d67445d99ae19fe061cd94f90e7a23002f2d8
SHA512

cf1472199bbb4854c6a2c7a6de5f0005e70341a121c0e0ae333e43b4d7728e91332f259416ab11869770d03200f9292c8fcd36e6173ed71cd4aad01ad7e32e1a
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRC:knmj6xK1y3Ik6TZGRC

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2524	regsvr32.exe
2524	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4533d7b368be3a5cc98b015ab71d67445d99ae19fe061cd94f90e7a23002f2d8.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2524

memory/2524-0-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download
memory/2524-1-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download