icedid | f7a96562101bcb6e21e40fbd11bc1d9a0172b5082944553604c5c68ac31a6d80

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 11:27

Target

JaffaCakes118_f7a96562101bcb6e21e40fbd11bc1d9a0172b5082944553604c5c68ac31a6d80.dll
Size

490KB
MD5

6c8387c846b367d724d192465f2dedc7
SHA1

455802bef4b0b97575e566c0bd7423152fb02d0c
SHA256

f7a96562101bcb6e21e40fbd11bc1d9a0172b5082944553604c5c68ac31a6d80
SHA512

89be4bdf043c1ce91c0eccea4c5a9d4f53b0fa50d796d5d3138251f2b441427cdc7202ff6da3cc465bf24c83da297e7119305fdf6f5d5d4e21f0ef69821b8363
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRs:knmj6xK1y3Ik6TZGRs

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3052	regsvr32.exe
3052	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f7a96562101bcb6e21e40fbd11bc1d9a0172b5082944553604c5c68ac31a6d80.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3052

memory/3052-0-0x0000000000140000-0x000000000014E000-memory.dmp

Filesize
56KB

Download
memory/3052-1-0x0000000000140000-0x000000000014E000-memory.dmp

Filesize
56KB

Download