icedid | da6e6741102a23f09392d9bae2bbffd053555de9088d2db2a06a65bf43ff6020

Analysis

max time kernel
97s
max time network
43s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 10:27

Target

JaffaCakes118_da6e6741102a23f09392d9bae2bbffd053555de9088d2db2a06a65bf43ff6020.dll
Size

490KB
MD5

882fef5e8196cd5c23d9de2e6ad797a1
SHA1

8c53841fc4b98826aa58f1178a17d8465e432d4f
SHA256

da6e6741102a23f09392d9bae2bbffd053555de9088d2db2a06a65bf43ff6020
SHA512

4fe8b37f8cb508d0f31ca985269eec6cb1589ff52d57bc36eb2cd5dbdc61a83113d84c9ffd4c7387d439e3f0338bc8b9a4440478f6eb231a91a95f8381f1c321
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRk:knmj6xK1y3Ik6TZGRk

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2328	regsvr32.exe
2328	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_da6e6741102a23f09392d9bae2bbffd053555de9088d2db2a06a65bf43ff6020.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2328

memory/2328-0-0x00000000002D0000-0x00000000002DE000-memory.dmp

Filesize
56KB

Download
memory/2328-1-0x00000000002D0000-0x00000000002DE000-memory.dmp

Filesize
56KB

Download