icedid | bbc187e00c1e58be22408217617229d594235ff7f5ed9c30158c4edcef71f199

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 14:20

Target

JaffaCakes118_bbc187e00c1e58be22408217617229d594235ff7f5ed9c30158c4edcef71f199.dll
Size

490KB
MD5

4b6f973e41603323da12f976ea649002
SHA1

130a3f9c53c624e775675ef74ff75e27597112ad
SHA256

bbc187e00c1e58be22408217617229d594235ff7f5ed9c30158c4edcef71f199
SHA512

07d602848e7e7bad8ddc2d0ef41f7d4cb02364dcd9fe2a36700bf7d03907c6c4b5136b27126b5fa21b1b0bf4b10f78d9b4a3c28ec903a695e98d3674de82320e
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRx:knmj6xK1y3Ik6TZGRx

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
684	regsvr32.exe
684	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bbc187e00c1e58be22408217617229d594235ff7f5ed9c30158c4edcef71f199.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:684

memory/684-0-0x00000000026C0000-0x00000000026CE000-memory.dmp

Filesize
56KB

Download
memory/684-1-0x00000000026C0000-0x00000000026CE000-memory.dmp

Filesize
56KB

Download