icedid | 2021d10f1609174b1b537e413c72652852ff4e7d600ca524d0ce6abc21099012

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 14:22

Target

JaffaCakes118_2021d10f1609174b1b537e413c72652852ff4e7d600ca524d0ce6abc21099012.dll
Size

490KB
MD5

8a0c5edf8ea0ef59b0c979a2a2acc604
SHA1

a4ea744c32214efe731d129cadbb675b892ba738
SHA256

2021d10f1609174b1b537e413c72652852ff4e7d600ca524d0ce6abc21099012
SHA512

3b6c3d659c4f3cbcd4f488b551fd9b7faad30baa03b6506ca882eb855db42630fbad51ccb9fc97e64c5859b7f40de0bc9833230d67679989aa8122ad444551b0
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRX:knmj6xK1y3Ik6TZGRX

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4204	regsvr32.exe
4204	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2021d10f1609174b1b537e413c72652852ff4e7d600ca524d0ce6abc21099012.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4204

memory/4204-0-0x0000000000BF0000-0x0000000000BFE000-memory.dmp

Filesize
56KB

Download
memory/4204-1-0x0000000000BF0000-0x0000000000BFE000-memory.dmp

Filesize
56KB

Download