icedid | 4a538ba5b9a2d78b129b02f9c08cf4e5c176368636f6736440371fafeefcef65

Analysis

max time kernel
141s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 10:08

Target

JaffaCakes118_4a538ba5b9a2d78b129b02f9c08cf4e5c176368636f6736440371fafeefcef65.dll
Size

490KB
MD5

28097d3cf0f8e758a6258618da42a4d9
SHA1

3b935dc873d276a9383edfdf97eac45c11840839
SHA256

4a538ba5b9a2d78b129b02f9c08cf4e5c176368636f6736440371fafeefcef65
SHA512

5116b21081845f81a7b62ae15c900e0360d67143be4f97aa89cd0a85ee162652e04c5c0075a3febd7d87f94cc7009ee878badd7df1491c7d7b98ad31bee7c9d2
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRpf:knmj6xK1y3Ik6TZGRpf

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3012	regsvr32.exe
3012	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a538ba5b9a2d78b129b02f9c08cf4e5c176368636f6736440371fafeefcef65.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3012

memory/3012-0-0x00000000002E0000-0x00000000002EE000-memory.dmp

Filesize
56KB

Download
memory/3012-1-0x00000000002E0000-0x00000000002EE000-memory.dmp

Filesize
56KB

Download