icedid | f9767f11c483edac32d6ed571dfa83943b4785de176e4d831af9044c0e536847

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 02:19

Target

JaffaCakes118_f9767f11c483edac32d6ed571dfa83943b4785de176e4d831af9044c0e536847.dll
Size

490KB
MD5

6fe94a91fde1d167dde8b8ca3bc9be74
SHA1

d2e60c8f29c6b8f3c3e54e7e3bc7646515bbda8e
SHA256

f9767f11c483edac32d6ed571dfa83943b4785de176e4d831af9044c0e536847
SHA512

56a5150601cddf8063bd7e2063c9a1ecd8c47f02c35cb559faeca751c41c7a83f92060abc3a47f0d8500a1943f9fb2fb90e97026c59d21173ab900e4559b2bf0
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRU:knmj6xK1y3Ik6TZGRU

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
452	regsvr32.exe
452	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9767f11c483edac32d6ed571dfa83943b4785de176e4d831af9044c0e536847.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:452

memory/452-0-0x00000000025B0000-0x00000000025BE000-memory.dmp

Filesize
56KB

Download
memory/452-1-0x00000000025B0000-0x00000000025BE000-memory.dmp

Filesize
56KB

Download