icedid | 16b4d649eed7163f162a10caa7da45c56d89ed037a7efdb6c2673d19791ff619

Analysis

max time kernel
140s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2024, 18:11

Target

JaffaCakes118_16b4d649eed7163f162a10caa7da45c56d89ed037a7efdb6c2673d19791ff619.dll
Size

490KB
MD5

a61d014b917c08150667c80db27fcd5c
SHA1

56ea850d70498f543a2962588a38ff92a512fe61
SHA256

16b4d649eed7163f162a10caa7da45c56d89ed037a7efdb6c2673d19791ff619
SHA512

41ea9f6e69819db0dcb87ba0f09ec52c8d93348e22e52e194d33f8d1b95f9724bda3fc795917d751ed8fcfee6fd138038309e2de758ec363cc4e479b0491b9ca
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR6:knmj6xK1y3Ik6TZGR6

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3532	regsvr32.exe
3532	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_16b4d649eed7163f162a10caa7da45c56d89ed037a7efdb6c2673d19791ff619.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3532

memory/3532-1-0x0000000000B70000-0x0000000000B7E000-memory.dmp

Filesize
56KB

Download