icedid | a2d30fd19ee005c0e629eec60abe5fcced463a95c77c9ff16668c53ae12d7e3e

Analysis

max time kernel
95s
max time network
40s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 09:54

Target

JaffaCakes118_a2d30fd19ee005c0e629eec60abe5fcced463a95c77c9ff16668c53ae12d7e3e.dll
Size

490KB
MD5

aed6937c36ea35c85de731ccb8e06349
SHA1

6bdb27c2b50e4b20c734ff30339d08e243982342
SHA256

a2d30fd19ee005c0e629eec60abe5fcced463a95c77c9ff16668c53ae12d7e3e
SHA512

9e067b99fd00bba8cd94a8c852a2ff9ed5364b7b7c7f3faa7014dac70f97f2add87d76acc883309e13093fcaa5521a6f25ad5060262d849a64ab1f9518997c9e
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRl:knmj6xK1y3Ik6TZGRl

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2660	regsvr32.exe
2660	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a2d30fd19ee005c0e629eec60abe5fcced463a95c77c9ff16668c53ae12d7e3e.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2660

memory/2660-0-0x00000000002C0000-0x00000000002CE000-memory.dmp

Filesize
56KB

Download
memory/2660-1-0x00000000002C0000-0x00000000002CE000-memory.dmp

Filesize
56KB

Download