icedid | 4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2024, 17:46

Target

JaffaCakes118_4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c.dll
Size

490KB
MD5

b9e35660f26874e0ffcd131bb0b53e5e
SHA1

dc74f185bbbdb21c4c1a8d1ddf05af273bfbfd39
SHA256

4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c
SHA512

12c42e5c1a14e33bb02382cc321d8e2f018a1de274afed4c92e963458d9a935d839aaa8af751c6c7be7df22f021e088aedb2bbd201ac229d5136c781dd99d547
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR5:knmj6xK1y3Ik6TZGR5

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 3 IoCs

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4fd6c418dd098ffbf8824641454dadd363a2dd9f059b8a6c7b647cc39c01d82c.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3672

memory/3672-0-0x00000000023E0000-0x00000000023EE000-memory.dmp

Filesize
56KB

Download
memory/3672-1-0x00000000023E0000-0x00000000023EE000-memory.dmp

Filesize
56KB

Download