icedid | 6998ab034f500b7be976e4b3fc99eb46f6cd2e3c6e0f3179c35252f8d52c6504

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:43

Target

JaffaCakes118_6998ab034f500b7be976e4b3fc99eb46f6cd2e3c6e0f3179c35252f8d52c6504.dll
Size

490KB
MD5

8a2603a96d0ad52d51977462a0adb100
SHA1

32b03d1c4416b507a3db61bd395271932d776232
SHA256

6998ab034f500b7be976e4b3fc99eb46f6cd2e3c6e0f3179c35252f8d52c6504
SHA512

3de55598f579b083eaf443393956c522186f4e3aa04a45ebefc03579c81468f6430d3124b16c99c66e1642342cdcecd9023a4ee6c3c590deaa8b83d42a6396ac
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRCN:knmj6xK1y3Ik6TZGRCN

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2280	regsvr32.exe
2280	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6998ab034f500b7be976e4b3fc99eb46f6cd2e3c6e0f3179c35252f8d52c6504.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2280

memory/2280-0-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download
memory/2280-1-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download