Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2024, 17:46

General

  • Target

    JaffaCakes118_4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c.dll

  • Size

    490KB

  • MD5

    b9e35660f26874e0ffcd131bb0b53e5e

  • SHA1

    dc74f185bbbdb21c4c1a8d1ddf05af273bfbfd39

  • SHA256

    4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c

  • SHA512

    12c42e5c1a14e33bb02382cc321d8e2f018a1de274afed4c92e963458d9a935d839aaa8af751c6c7be7df22f021e088aedb2bbd201ac229d5136c781dd99d547

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR5:knmj6xK1y3Ik6TZGR5

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3672-0-0x00000000023E0000-0x00000000023EE000-memory.dmp

    Filesize

    56KB

  • memory/3672-1-0x00000000023E0000-0x00000000023EE000-memory.dmp

    Filesize

    56KB