icedid | 17ea8ff7dbb2d59ceb61496fa9f3da4d92185dfc7d116f57d6cfd42f53a59c58

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 14:37

Target

JaffaCakes118_17ea8ff7dbb2d59ceb61496fa9f3da4d92185dfc7d116f57d6cfd42f53a59c58.dll
Size

490KB
MD5

90b4495003cdf35a74cacffd8b1c7fca
SHA1

cf975bf4f7e4dcc0e10eecc0dbeeddb857db9fce
SHA256

17ea8ff7dbb2d59ceb61496fa9f3da4d92185dfc7d116f57d6cfd42f53a59c58
SHA512

37c6b55da77bf7551241ace37da6f298cbd7f62cab1b2443565ca31838977c2e9954dadc5b403dd8065f658487da8e921a6f9c0b84c0b9b36515cf80ba3a3ad1
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRO:knmj6xK1y3Ik6TZGRO

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2672	regsvr32.exe
2672	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_17ea8ff7dbb2d59ceb61496fa9f3da4d92185dfc7d116f57d6cfd42f53a59c58.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2672

memory/2672-0-0x00000000002E0000-0x00000000002EE000-memory.dmp

Filesize
56KB

Download
memory/2672-1-0x00000000002E0000-0x00000000002EE000-memory.dmp

Filesize
56KB

Download