icedid | 5f510ef41c88a69f4c1368607e1b943904fc81eb3a3a4c787720fde1610306e7

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 04:36

Target

JaffaCakes118_5f510ef41c88a69f4c1368607e1b943904fc81eb3a3a4c787720fde1610306e7.dll
Size

490KB
MD5

8832a6807fea7d950a86d54ebab46ea1
SHA1

7adf9634320f26ff0b2dcdf2c11dd8f499be0aab
SHA256

5f510ef41c88a69f4c1368607e1b943904fc81eb3a3a4c787720fde1610306e7
SHA512

76fbf4087e2232470cd97d775761a39558a18e1c731ca4d6ca59a266fd17da7784a16975826d021add89bd53465ecb5a62d2eafd8d7b2894fd433fd2cf241f27
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRt:knmj6xK1y3Ik6TZGRt

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1920	regsvr32.exe
1920	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f510ef41c88a69f4c1368607e1b943904fc81eb3a3a4c787720fde1610306e7.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1920

memory/1920-0-0x0000000000170000-0x000000000017E000-memory.dmp

Filesize
56KB

Download
memory/1920-1-0x0000000000170000-0x000000000017E000-memory.dmp

Filesize
56KB

Download