icedid | 67185d08a8d4d62d651ec25e3256a95a511f6bbde5b46ecde9b9a226b818130f

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 18:13

Target

JaffaCakes118_67185d08a8d4d62d651ec25e3256a95a511f6bbde5b46ecde9b9a226b818130f.dll
Size

490KB
MD5

920d06fba7723138ad0dd4162262e2a1
SHA1

8aa0a2a4e3deff35cd87aea8b2f77aba84976fbd
SHA256

67185d08a8d4d62d651ec25e3256a95a511f6bbde5b46ecde9b9a226b818130f
SHA512

80bbf4dacfd71eb05833f4f408dcc7eece2244a8e30253dcb9c30f06577d6aebbf48131b02c62c276d9995fbe957818924f1ff0a126f286a796d5ac80c19dd43
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRZ:knmj6xK1y3Ik6TZGRZ

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4452	regsvr32.exe
4452	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67185d08a8d4d62d651ec25e3256a95a511f6bbde5b46ecde9b9a226b818130f.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4452

memory/4452-0-0x0000000002820000-0x000000000282E000-memory.dmp

Filesize
56KB

Download
memory/4452-1-0x0000000002820000-0x000000000282E000-memory.dmp

Filesize
56KB

Download