icedid | 892ab420122e82374d4786ad813920b0b6034a8650e9f9a5e1a17284ec5f6c09

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:44

Target

JaffaCakes118_892ab420122e82374d4786ad813920b0b6034a8650e9f9a5e1a17284ec5f6c09.dll
Size

490KB
MD5

6091fe8fd1f853393881d6bfe6bafcd7
SHA1

9f4129cff22923c31c240a297bbb72b844f8b50a
SHA256

892ab420122e82374d4786ad813920b0b6034a8650e9f9a5e1a17284ec5f6c09
SHA512

cebc20b25913056b1c96d828996a5e9c347d5e5e37bcad1e060d40730c871e6cb0d6b7602acfe549d44e1a5c78eb2808127537fba47c7c666f2e90f79590cb8c
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRQ:knmj6xK1y3Ik6TZGRQ

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3064	regsvr32.exe
3064	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_892ab420122e82374d4786ad813920b0b6034a8650e9f9a5e1a17284ec5f6c09.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3064

memory/3064-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/3064-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download