Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-12-2024 04:07

General

  • Target

    JaffaCakes118_310b09f8fc76d725f51d27aca9453e037e7706b35ae55c19121a58fd92a88d7d.dll

  • Size

    490KB

  • MD5

    4cb05d928714f7ded1831e618fb350d7

  • SHA1

    4c6f441f5dd5f81eb7c80217fffd1ffeda9f70bb

  • SHA256

    310b09f8fc76d725f51d27aca9453e037e7706b35ae55c19121a58fd92a88d7d

  • SHA512

    94d69155d03dc914c6574e88711102e7ad4f3ae2f067116a1f68b35fa9f5e1300763cf70f240e95878c6b0430da66bb201a28ffd2fd51994911c322efb1a25ab

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRD:knmj6xK1y3Ik6TZGRD

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_310b09f8fc76d725f51d27aca9453e037e7706b35ae55c19121a58fd92a88d7d.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:1420

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1420-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

    Filesize

    56KB

  • memory/1420-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

    Filesize

    56KB