Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 05:11

General

  • Target

    JaffaCakes118_6ba5374a57f997f0343b7088e3b3a882f0ab8030eff21355fb9a29f282b4a798.dll

  • Size

    337KB

  • MD5

    8d0a602b30c1737b9270d3d9c3483f7f

  • SHA1

    bdbd10daa9722922de013c52ed03a29aa3970428

  • SHA256

    6ba5374a57f997f0343b7088e3b3a882f0ab8030eff21355fb9a29f282b4a798

  • SHA512

    8ae37b7e43dd860fcf7cc90c74ba2fde3df6bb9394f87e7b5242d473b2da77cdfb8ba5cb25e9c66599cb73fb27fab4c9af66c8c1f25686bec1d5dfd7f9e5dd5b

  • SSDEEP

    6144:W2qOZMfQw8fRGgJj65m7TJhjcll5WaZplFY00vgFqIDohuupc:7mowiRGg56YTXMl5P2v4o

Malware Config

Extracted

Family

icedid

Campaign

988048349

C2

keepfootbal.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ba5374a57f997f0343b7088e3b3a882f0ab8030eff21355fb9a29f282b4a798.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2084-0-0x00000000004F0000-0x00000000004F9000-memory.dmp

    Filesize

    36KB

  • memory/2084-1-0x00000000004F0000-0x00000000004F9000-memory.dmp

    Filesize

    36KB

  • memory/2084-2-0x00000000004F0000-0x00000000004F9000-memory.dmp

    Filesize

    36KB