icedid | 16ccb7813cb773e54a088805f484fee369e987163c1faf4d0938492f98a9b042

Analysis

max time kernel
142s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 13:42

Target

JaffaCakes118_16ccb7813cb773e54a088805f484fee369e987163c1faf4d0938492f98a9b042.dll
Size

490KB
MD5

a70fe431428096ae3d7a5d337a04db14
SHA1

54e3686a2129f6db38964a63d58d53ff9cfff452
SHA256

16ccb7813cb773e54a088805f484fee369e987163c1faf4d0938492f98a9b042
SHA512

b835be36bc203a75a1d5a835a8d4d29ef943ceec7b8a49f60ad4738ebafec13dcd9f05582396cfcdbd84a0ff3085fe13b51cf4e30cef0b0b15268590609a9bc9
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR21:knmj6xK1y3Ik6TZGR21

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4460	regsvr32.exe
4460	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_16ccb7813cb773e54a088805f484fee369e987163c1faf4d0938492f98a9b042.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4460

memory/4460-0-0x00000000029A0000-0x00000000029AE000-memory.dmp

Filesize
56KB

Download
memory/4460-1-0x00000000029A0000-0x00000000029AE000-memory.dmp

Filesize
56KB

Download