icedid | 4b4ab40c97e619368eb52381df76b657832d22845fc6532425b871c74d437027

Analysis

max time kernel
142s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 19:06

Target

JaffaCakes118_4b4ab40c97e619368eb52381df76b657832d22845fc6532425b871c74d437027.dll
Size

490KB
MD5

02b2b9a49e42c797d15ab6484985fd2a
SHA1

9cb54123d28bc30b5ecf29d6d30c9b1242ba5cbc
SHA256

4b4ab40c97e619368eb52381df76b657832d22845fc6532425b871c74d437027
SHA512

a6d1a36c780ea658b751e60ec33449b8a083d6e7270aff2cbae42d72e89e2f37c3306ee1ee902ffe8d4682f3da9e99fdca7c269a86049f4645216e9363de9958
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR6:knmj6xK1y3Ik6TZGR6

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
820	regsvr32.exe
820	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4b4ab40c97e619368eb52381df76b657832d22845fc6532425b871c74d437027.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:820

memory/820-0-0x0000000001440000-0x000000000144E000-memory.dmp

Filesize
56KB

Download
memory/820-1-0x0000000001440000-0x000000000144E000-memory.dmp

Filesize
56KB

Download