icedid | d72f695e840f81afedffff3234a11def18a2473d053943728c6a2f2616f31ced

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 07:55

Target

JaffaCakes118_d72f695e840f81afedffff3234a11def18a2473d053943728c6a2f2616f31ced.dll
Size

490KB
MD5

3577778d0a20f7ff6e3ca5ddb021d1f6
SHA1

45681ad16d3b2d1be727e1d8077780d8cdf7fa98
SHA256

d72f695e840f81afedffff3234a11def18a2473d053943728c6a2f2616f31ced
SHA512

c7d27f87dcee5e574deb9f2f7c53b8010e008bf39020fd0518fe10320a85c680e1790bbefe065eae6ec40a34c5a1796b1a88f8fe4b425fb9079519df6d3b2101
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR8:knmj6xK1y3Ik6TZGR8

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 4 IoCs

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d72f695e840f81afedffff3234a11def18a2473d053943728c6a2f2616f31ced.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4028

memory/4028-0-0x0000000002530000-0x000000000253E000-memory.dmp

Filesize
56KB

Download
memory/4028-1-0x0000000002530000-0x000000000253E000-memory.dmp

Filesize
56KB

Download