icedid | 52a5f7560e58909f5d787cb773481770b2450e8181119cdb36b0cad5bb261196

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2024, 23:35

Target

JaffaCakes118_52a5f7560e58909f5d787cb773481770b2450e8181119cdb36b0cad5bb261196.dll
Size

490KB
MD5

5caa500c30ec0ccc4e0f7a30fc05fb17
SHA1

15da122f9e12b1aad2df7526290fc71ffd705e6f
SHA256

52a5f7560e58909f5d787cb773481770b2450e8181119cdb36b0cad5bb261196
SHA512

8128817c7b2e9ce4625dd34c0f11088c005bfe04a5af083b4c67037541068a4668febf93a5258adc8eeadd7cfa5344927a06a95740de7a510692f5e35c45efb4
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRS:knmj6xK1y3Ik6TZGRS

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4000	regsvr32.exe
4000	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_52a5f7560e58909f5d787cb773481770b2450e8181119cdb36b0cad5bb261196.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4000

memory/4000-0-0x00000000020C0000-0x00000000020CE000-memory.dmp

Filesize
56KB

Download
memory/4000-1-0x00000000020C0000-0x00000000020CE000-memory.dmp

Filesize
56KB

Download