icedid | 134526487061b78b4bbd9f5697849999b07fa0d224d82d4759f6c4727b6fd15c

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 00:38

Target

JaffaCakes118_134526487061b78b4bbd9f5697849999b07fa0d224d82d4759f6c4727b6fd15c.dll
Size

490KB
MD5

7c8ff666b512eafa28e9591b90b25658
SHA1

f8a5d18cb230d18adf7587df698220e856a74718
SHA256

134526487061b78b4bbd9f5697849999b07fa0d224d82d4759f6c4727b6fd15c
SHA512

99c4473c5058c0aa1e2efe4d08808b611c586f113dd4365092e4118f4b7a92eabf8555c2887b0d4f042b82f9faae18f5102bc71c64d5b98914d921bbca56aa3a
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRN:knmj6xK1y3Ik6TZGRN

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1604	regsvr32.exe
1604	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_134526487061b78b4bbd9f5697849999b07fa0d224d82d4759f6c4727b6fd15c.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604

memory/1604-0-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download
memory/1604-1-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download