icedid | 67da01e050c4eb8fdfba83254b3d4eca516e0d1cf26a0dff73dfe42b07b0e795

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/12/2024, 22:23

Target

JaffaCakes118_67da01e050c4eb8fdfba83254b3d4eca516e0d1cf26a0dff73dfe42b07b0e795.dll
Size

490KB
MD5

e4eb42d447e1f94dfd6530ea39d0e57c
SHA1

2d0b3cea24b71b1b2b837deab87207fb40097338
SHA256

67da01e050c4eb8fdfba83254b3d4eca516e0d1cf26a0dff73dfe42b07b0e795
SHA512

b3372e80e1e564934532eeead566f0446ff72d5ba39150605d1822b7d24323e1c3edfd20d0a7fe1d0ed7ee49bfa4f042a499df126c897095bc245a580196eda8
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRy:knmj6xK1y3Ik6TZGRy

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1984	regsvr32.exe
1984	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67da01e050c4eb8fdfba83254b3d4eca516e0d1cf26a0dff73dfe42b07b0e795.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

memory/1984-0-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download
memory/1984-1-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download