icedid | c0c44a9d68614564386fa30c60f7d068abd82a3c8fb7172fa6d1b295a1356371

Analysis

max time kernel
121s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 14:05

Target

JaffaCakes118_c0c44a9d68614564386fa30c60f7d068abd82a3c8fb7172fa6d1b295a1356371.dll
Size

534KB
MD5

11c05642b2bdf2fc8525ca3cc65735cd
SHA1

0f7a6ec8f93dc32eca19a217c87347f858fdcaad
SHA256

c0c44a9d68614564386fa30c60f7d068abd82a3c8fb7172fa6d1b295a1356371
SHA512

59bbb45ccf5a2122b17243736d44c449cd48c8087ad14ec795218c3d87d8c197318ddacdcaae8e5ebf059cb026a43783d8997b59bae0c18302bc07ba82165390
SSDEEP

12288:sS5YBh+z8zl6j+lMo0/BmkEg0w9wqL8iqKSI/YVG:sS2BhoAl6yOF83g0OLuPIgV

Score

10^/10

Family

icedid

Campaign

227378761

blionarywesta.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2676	rundll32.exe
2676	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0c44a9d68614564386fa30c60f7d068abd82a3c8fb7172fa6d1b295a1356371.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2676

memory/2676-0-0x0000000180000000-0x0000000180009000-memory.dmp

Filesize
36KB

Download