icedid | 77f45a8fee496fe4448b5a07dd3f155c6d1042a0b3e07c036f5cb1737d478b74

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:47

Target

JaffaCakes118_77f45a8fee496fe4448b5a07dd3f155c6d1042a0b3e07c036f5cb1737d478b74.dll
Size

490KB
MD5

a756cc2fceea4eb3db0c72b60df85f4e
SHA1

380e0654bf647d907fe04b43983aaf159d269842
SHA256

77f45a8fee496fe4448b5a07dd3f155c6d1042a0b3e07c036f5cb1737d478b74
SHA512

7951dd68c8db16475d2d7cf9c472e262d899831b706aaf1cdf58d855a96987f1b9b7469e0ada43ea82de250f7bad40b759d2d63c3da79cfd253b87946713a8f8
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR3:knmj6xK1y3Ik6TZGR3

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1508	regsvr32.exe
1508	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77f45a8fee496fe4448b5a07dd3f155c6d1042a0b3e07c036f5cb1737d478b74.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1508

memory/1508-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/1508-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download