icedid | 5704dc7b2d743e35cb3564d4127a322eb39f2d45e55aa116ff63233a570d109e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 01:12

Target

JaffaCakes118_5704dc7b2d743e35cb3564d4127a322eb39f2d45e55aa116ff63233a570d109e.dll
Size

490KB
MD5

c95f642f5c90a7790773edac3f649f41
SHA1

c09fe927bf8fc5d72339fcd8e3afe4e5a4f01685
SHA256

5704dc7b2d743e35cb3564d4127a322eb39f2d45e55aa116ff63233a570d109e
SHA512

ba992a03b88b2980ebe1f480db4c5a7057c451af020a54a11a83a7fd644cb228f3cf32d0e67d35ca6721d4a9003458875a0bbe20e64ac0f1523bf8d7e410fccf
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRk:knmj6xK1y3Ik6TZGRk

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1680	regsvr32.exe
1680	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5704dc7b2d743e35cb3564d4127a322eb39f2d45e55aa116ff63233a570d109e.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

memory/1680-1-0x0000000002830000-0x000000000283E000-memory.dmp

Filesize
56KB

Download