icedid | 00c6a1e28d1cbe12b2f42a3e070c8be0856dda5f9d72c8784d6f06f711a76e74

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 00:46

Target

JaffaCakes118_00c6a1e28d1cbe12b2f42a3e070c8be0856dda5f9d72c8784d6f06f711a76e74.dll
Size

490KB
MD5

569512d8afac791845bce94908134053
SHA1

c77467919ddca514b8f3526f61af9bdb001394d4
SHA256

00c6a1e28d1cbe12b2f42a3e070c8be0856dda5f9d72c8784d6f06f711a76e74
SHA512

e9bd2e5bcc7331da58b6d221c98a334e80e240e70403ded08edb81ac13e1b197a7bcfd2d4175498e11a2b23965750b51bc4888583e17440a9b3f8ea4901ebbf0
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRq:knmj6xK1y3Ik6TZGRq

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2808	regsvr32.exe
2808	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_00c6a1e28d1cbe12b2f42a3e070c8be0856dda5f9d72c8784d6f06f711a76e74.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808

memory/2808-0-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download
memory/2808-1-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download