Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 03:08

General

  • Target

    JaffaCakes118_3a905bee006751c4b56151d25fb3e53f18dd8433769798728f2b81751e28f7c0.dll

  • Size

    490KB

  • MD5

    0a8e92ee306acfbf8d68f1e00ca634e0

  • SHA1

    ff9ef1bdd4d8e42523a334f23044ae29dc78a3ac

  • SHA256

    3a905bee006751c4b56151d25fb3e53f18dd8433769798728f2b81751e28f7c0

  • SHA512

    6f6f134171bd8a0526e02215e33cb58f71057831f5b33ad26e038234f49aadb530a50f504e4b89d7acf2f983d79ade843f44eeafb287f668eb9203b51e814d0f

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRu:knmj6xK1y3Ik6TZGRu

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3a905bee006751c4b56151d25fb3e53f18dd8433769798728f2b81751e28f7c0.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1624-0-0x00000000004F0000-0x00000000004FE000-memory.dmp

    Filesize

    56KB

  • memory/1624-1-0x00000000004F0000-0x00000000004FE000-memory.dmp

    Filesize

    56KB