icedid | 5bcf0662656f1d434f19feb0b7cc2a146153b283b974d7a5f1c5404917b979c1

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 00:16

Target

JaffaCakes118_5bcf0662656f1d434f19feb0b7cc2a146153b283b974d7a5f1c5404917b979c1.dll
Size

490KB
MD5

f751b5435e7e1740338f6ff2518cfbd2
SHA1

6c1dbb7c4dd9a5748c4ad2cb03d77f978cd66191
SHA256

5bcf0662656f1d434f19feb0b7cc2a146153b283b974d7a5f1c5404917b979c1
SHA512

e8e52994d86f0f3acb099a46fdd9098e85f4ed485cea468d341cd2bb8a220bafe7ea22420453e153fad971342369b0743d5bfb6433d42b7fa77270a68d055b1c
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRR:knmj6xK1y3Ik6TZGRR

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1768	regsvr32.exe
1768	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5bcf0662656f1d434f19feb0b7cc2a146153b283b974d7a5f1c5404917b979c1.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

memory/1768-0-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download
memory/1768-1-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download