icedid | 1ac6569f226b33269ade9628e870328cdef200cd03b466f63a4de40aedac5d6a

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 08:36

Target

JaffaCakes118_1ac6569f226b33269ade9628e870328cdef200cd03b466f63a4de40aedac5d6a.dll
Size

490KB
MD5

1153b3c9b5f4b43f3fbc51b3aff75e0d
SHA1

b724aab8b9c1673fed39e503e426436dc7cba60e
SHA256

1ac6569f226b33269ade9628e870328cdef200cd03b466f63a4de40aedac5d6a
SHA512

91674cc4612db95d57c5184b36c27940c75ca4c9ef74845e583bbba9cdb3dae7c56592a8f0e1bf442450ab0631039073bb1fb0da331ecb46bb3172f293ee2b93
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRg:knmj6xK1y3Ik6TZGRg

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1452	regsvr32.exe
1452	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1ac6569f226b33269ade9628e870328cdef200cd03b466f63a4de40aedac5d6a.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1452

memory/1452-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/1452-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download