icedid | e5d56690bf82fb4432b528d733da2e9ceb3ac3aae9eb1c0e7d75a5c7b6958da0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 20:53

Target

JaffaCakes118_e5d56690bf82fb4432b528d733da2e9ceb3ac3aae9eb1c0e7d75a5c7b6958da0.dll
Size

490KB
MD5

7dac61304aab9ce2c275bc77ce752803
SHA1

acd47a3f606e9f7ead6247e700165dce3b6f218b
SHA256

e5d56690bf82fb4432b528d733da2e9ceb3ac3aae9eb1c0e7d75a5c7b6958da0
SHA512

0a55fdfb954b9df3be363d63604f0c0ef96a28f0b14e4661d739edb519870fdbc67a9e38d9deed65c3ef916664a365818c7032eebf38b82c7c7af677730b73a9
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRW:knmj6xK1y3Ik6TZGRW

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2000	regsvr32.exe
2000	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e5d56690bf82fb4432b528d733da2e9ceb3ac3aae9eb1c0e7d75a5c7b6958da0.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2000

memory/2000-0-0x0000000002D80000-0x0000000002D8E000-memory.dmp

Filesize
56KB

Download
memory/2000-1-0x0000000002D80000-0x0000000002D8E000-memory.dmp

Filesize
56KB

Download