icedid | eee219e1ca4e19b2a8d7a9a38b7c48782c834753b308cfacb7a4f6a071e0a84b

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/12/2024, 17:46

Target

JaffaCakes118_eee219e1ca4e19b2a8d7a9a38b7c48782c834753b308cfacb7a4f6a071e0a84b.dll
Size

490KB
MD5

e54354417edfa0edc1a8d9a5be46a108
SHA1

81fe945496f6b4a9dc3811925b9beaaab3d27b65
SHA256

eee219e1ca4e19b2a8d7a9a38b7c48782c834753b308cfacb7a4f6a071e0a84b
SHA512

e827a3e5cd56dde24cf63a1353556371a2eae7f3ff6bc4a9d7ecb920cb98c1c6f3839c214097932616b7b9be38987e63ab5176795784f65cab547049956d257d
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRg:knmj6xK1y3Ik6TZGRg

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2440	regsvr32.exe
2440	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eee219e1ca4e19b2a8d7a9a38b7c48782c834753b308cfacb7a4f6a071e0a84b.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2440

memory/2440-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/2440-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download