icedid | edd83ce822041c0e8506185174feca4da6bb5bffc49b263edaa041f2da0f340c

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 17:47

Target

JaffaCakes118_edd83ce822041c0e8506185174feca4da6bb5bffc49b263edaa041f2da0f340c.dll
Size

490KB
MD5

d80c39b0827f8d3fa127ccc2b3a62668
SHA1

60fde65b797febc2f3cb78d51720553f207cdbb0
SHA256

edd83ce822041c0e8506185174feca4da6bb5bffc49b263edaa041f2da0f340c
SHA512

f3e82121ec3b3fd1067865b4679f89cc93d97f0ee08eb0123de12ff80a04ef2ac1bcf39f01383b70ff9a32f22e0190d7750fd36fbdd38b1dfc30a10e08090b2a
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRx:knmj6xK1y3Ik6TZGRx

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3428	regsvr32.exe
3428	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_edd83ce822041c0e8506185174feca4da6bb5bffc49b263edaa041f2da0f340c.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3428

memory/3428-0-0x0000000002DB0000-0x0000000002DBE000-memory.dmp

Filesize
56KB

Download
memory/3428-1-0x0000000002DB0000-0x0000000002DBE000-memory.dmp

Filesize
56KB

Download