icedid | 578025fc2d0107993cd0433cd0189e8719c360912804386188babe70a709e856

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 10:56

Target

JaffaCakes118_578025fc2d0107993cd0433cd0189e8719c360912804386188babe70a709e856.dll
Size

490KB
MD5

a30516a3ed2f9193a351d7603b0a0068
SHA1

f10563952f7979d2c3e4c8337ff2a01a4b875f35
SHA256

578025fc2d0107993cd0433cd0189e8719c360912804386188babe70a709e856
SHA512

8d01767690edcdc564f9dbd05eb1dfde4c35795d822cbdae621c5aa794e0a5d4ec4e24a2aa29f040fd501124627f10bb34e9f99f022989565dfa94588afb7eb5
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRx:knmj6xK1y3Ik6TZGRx

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2424	regsvr32.exe
2424	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_578025fc2d0107993cd0433cd0189e8719c360912804386188babe70a709e856.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424

memory/2424-0-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download
memory/2424-1-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download