icedid | 579b21ae136b52ec1c07c69e18203051b863927a7fd25bb5d1f958296b5db4d1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 20:09

Target

JaffaCakes118_579b21ae136b52ec1c07c69e18203051b863927a7fd25bb5d1f958296b5db4d1.dll
Size

490KB
MD5

9f5a393928871766113590bc82c112a8
SHA1

26101c34166f88eed0b03fad4f1358f29e64df44
SHA256

579b21ae136b52ec1c07c69e18203051b863927a7fd25bb5d1f958296b5db4d1
SHA512

5eaa802c247b173b81e2233127f68ca4b241718f49ee69fda7989de55d2c02f3904c5985baad6c9dd24e73fd64c1249cb37725aaf66e50e73193e890362cde21
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRG:knmj6xK1y3Ik6TZGRG

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4660	regsvr32.exe
4660	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_579b21ae136b52ec1c07c69e18203051b863927a7fd25bb5d1f958296b5db4d1.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4660

memory/4660-0-0x0000000001F40000-0x0000000001F4E000-memory.dmp

Filesize
56KB

Download
memory/4660-1-0x0000000001F40000-0x0000000001F4E000-memory.dmp

Filesize
56KB

Download