icedid | 71f3c84759e3c29c2b759a55af8b719c7fd1d15f24fd79594880132f550a78b6

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 04:07

Target

JaffaCakes118_71f3c84759e3c29c2b759a55af8b719c7fd1d15f24fd79594880132f550a78b6.dll
Size

490KB
MD5

4ee859f90648beb6bf46bb6f2b11ba06
SHA1

e4b8569c1fb3e6a2dde374e7ccd2fd675d5ce88a
SHA256

71f3c84759e3c29c2b759a55af8b719c7fd1d15f24fd79594880132f550a78b6
SHA512

8e8340e56c05d1eaf320a9191a30a83434616cc97a454b1f9038cccc04d002d99b3abbeb6441eb11e0e769a32210318edaa62480ce57357dc35792d3d915e24e
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRH:knmj6xK1y3Ik6TZGRH

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2308	regsvr32.exe
2308	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_71f3c84759e3c29c2b759a55af8b719c7fd1d15f24fd79594880132f550a78b6.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2308

memory/2308-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/2308-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download