icedid | e8684d1ee11542b5928342c485efcfa889281b9ff8d1c8cb3653bf7fadf00d56

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2024, 14:32

Target

JaffaCakes118_e8684d1ee11542b5928342c485efcfa889281b9ff8d1c8cb3653bf7fadf00d56.dll
Size

490KB
MD5

637d64c65e143b45b04eb918664c194e
SHA1

dcdf8639b5d71da135c7532e7c9d3bef4cabf4dd
SHA256

e8684d1ee11542b5928342c485efcfa889281b9ff8d1c8cb3653bf7fadf00d56
SHA512

657280758a254b6e877d7665cc1fc478e58ff145fde9456de4d4a357543a26f1b0c19baa527c903a8ebf83474839956b483b196197f2cdbd5d65e38a5cb64713
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRC:knmj6xK1y3Ik6TZGRC

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3408	regsvr32.exe
3408	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e8684d1ee11542b5928342c485efcfa889281b9ff8d1c8cb3653bf7fadf00d56.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3408

memory/3408-0-0x00000000006E0000-0x00000000006EE000-memory.dmp

Filesize
56KB

Download
memory/3408-1-0x00000000006E0000-0x00000000006EE000-memory.dmp

Filesize
56KB

Download