icedid | 5ec7265b3fc8dfac4efbf6ea5e5315a2cdc77c34994b87b14dc478b5e529d48a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 20:33

Target

JaffaCakes118_5ec7265b3fc8dfac4efbf6ea5e5315a2cdc77c34994b87b14dc478b5e529d48a.dll
Size

490KB
MD5

9c5c254add72c43c074df86ae9ce309d
SHA1

19e4fc0727f35049e6260ac3b5571d244616fbc9
SHA256

5ec7265b3fc8dfac4efbf6ea5e5315a2cdc77c34994b87b14dc478b5e529d48a
SHA512

5ae78e9d32356091aa456402c137496e417cb34577cce7ece66e8483cd83d715c1bf0cc0ccb3092a12c014c28592bb513cd8868e2ba97d9491caa80b090d905b
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRG:knmj6xK1y3Ik6TZGRG

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4052	regsvr32.exe
4052	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5ec7265b3fc8dfac4efbf6ea5e5315a2cdc77c34994b87b14dc478b5e529d48a.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4052

memory/4052-0-0x0000000000B80000-0x0000000000B8E000-memory.dmp

Filesize
56KB

Download
memory/4052-1-0x0000000000B80000-0x0000000000B8E000-memory.dmp

Filesize
56KB

Download