icedid | beff26f88adcb318118231f36cbc573b282adc15d52b7eaf5ac302b31ed38ebe

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/12/2024, 23:43

Target

JaffaCakes118_beff26f88adcb318118231f36cbc573b282adc15d52b7eaf5ac302b31ed38ebe.dll
Size

490KB
MD5

43c4fca5f2216e293e2828673e987223
SHA1

933870108746c8d2cfeca69813f9eff703de42fa
SHA256

beff26f88adcb318118231f36cbc573b282adc15d52b7eaf5ac302b31ed38ebe
SHA512

70f851f825caf444c503118fffd8208f44b2748b9ab24ff7f5f12e31fb687a152f5df03489b813262332322b84ae568af1172a6565937ea2bd492fb481bd014d
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRk:knmj6xK1y3Ik6TZGRk

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
548	regsvr32.exe
548	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_beff26f88adcb318118231f36cbc573b282adc15d52b7eaf5ac302b31ed38ebe.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:548

memory/548-0-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download
memory/548-1-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download