icedid | 4f4c2d03fa38ea0a9a79faad0d27835523036cfc5b3c2dbb489d72dda62527c4

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 07:37

Target

JaffaCakes118_4f4c2d03fa38ea0a9a79faad0d27835523036cfc5b3c2dbb489d72dda62527c4.dll
Size

490KB
MD5

cbb7a07b65b3ea355bb00ae7aa270607
SHA1

e970df3b506aa549d4f3f116a220e7c5cc0ec52c
SHA256

4f4c2d03fa38ea0a9a79faad0d27835523036cfc5b3c2dbb489d72dda62527c4
SHA512

ee0fe4fc68892c1410ddb0f6c61c84412673ddf7538f6b81d7e9a288d87398ee056cd771733495d58979bb49339bbd1bdd34c83185ad964377df25588163f770
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR4:knmj6xK1y3Ik6TZGR4

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2216	regsvr32.exe
2216	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f4c2d03fa38ea0a9a79faad0d27835523036cfc5b3c2dbb489d72dda62527c4.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2216

memory/2216-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/2216-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download