icedid | ef7e8880561caed27b02a12f233365b9e34a58e9a3413074877da74fb9715c74

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 09:23

Target

JaffaCakes118_ef7e8880561caed27b02a12f233365b9e34a58e9a3413074877da74fb9715c74.dll
Size

490KB
MD5

bdcaab6fb279f514516f8704aa9a03e5
SHA1

a583a18bff76538d35fde9abfc86e4eff929cb02
SHA256

ef7e8880561caed27b02a12f233365b9e34a58e9a3413074877da74fb9715c74
SHA512

e875adf7e72549cacce8578e03c61d408ccf2ba7c9a2a063b11d1af0b4f1803aaca8b57e43962486b720deed7c3625758315f5da1e493ca58488f33a09702182
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRE:knmj6xK1y3Ik6TZGRE

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	regsvr32.exe
2244	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ef7e8880561caed27b02a12f233365b9e34a58e9a3413074877da74fb9715c74.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2244

memory/2244-0-0x0000000000380000-0x000000000038E000-memory.dmp

Filesize
56KB

Download
memory/2244-1-0x0000000000380000-0x000000000038E000-memory.dmp

Filesize
56KB

Download