icedid | 2283d8002da7b7355fd7a0dd2bb5922bf357d20e2cf0b5e028ec1c6422a17938

Analysis

max time kernel
142s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 12:26

Target

JaffaCakes118_2283d8002da7b7355fd7a0dd2bb5922bf357d20e2cf0b5e028ec1c6422a17938.dll
Size

490KB
MD5

306e33f5548e3cf0e24d8f60bd86db5c
SHA1

4f1a1259d64a0da4399e1d504874ecc4dd5042fc
SHA256

2283d8002da7b7355fd7a0dd2bb5922bf357d20e2cf0b5e028ec1c6422a17938
SHA512

c648d3b2929b092a9b1523065d891bff97b301e5ba352c9b3a0f058a1830ea16d6dca50614815e992a8982befe37f594ab24892b063e5223d0bbd8d6f6875fb4
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRq:knmj6xK1y3Ik6TZGRq

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 3 IoCs

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2283d8002da7b7355fd7a0dd2bb5922bf357d20e2cf0b5e028ec1c6422a17938.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5016

memory/5016-0-0x0000000000AA0000-0x0000000000AAE000-memory.dmp

Filesize
56KB

Download
memory/5016-1-0x0000000000AA0000-0x0000000000AAE000-memory.dmp

Filesize
56KB

Download