icedid | 6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6

Analysis

max time kernel
141s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2024, 18:26

Target

JaffaCakes118_6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6.dll
Size

490KB
MD5

df0a5568bbf93b2e996f9b46beb2c328
SHA1

91a840a0ce7621b17699ed00b33793aadac1af10
SHA256

6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6
SHA512

3d880ad1930ea17fe0e2f14bdcd8f4d2d5a0b8ff65e53d24f5ada4f7a7a8dbc6eca5dbc44c141aab6c45287f760976c35d286e2db63a8a622e6476e2a10a884e
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRs:knmj6xK1y3Ik6TZGRs

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1100	regsvr32.exe
1100	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1100

memory/1100-0-0x0000000002D30000-0x0000000002D3E000-memory.dmp

Filesize
56KB

Download
memory/1100-1-0x0000000002D30000-0x0000000002D3E000-memory.dmp

Filesize
56KB

Download