icedid | 161546b1a8bbf634d32fc60c6878ad040e1fcb6cb13d678fd744015e5396957d

Analysis

max time kernel
141s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 15:45

Target

JaffaCakes118_161546b1a8bbf634d32fc60c6878ad040e1fcb6cb13d678fd744015e5396957d.dll
Size

490KB
MD5

6fb1840d59d01939a053b950248f9b0d
SHA1

02dd6eb67d1dc07dc5ad240186b32c4d73db6501
SHA256

161546b1a8bbf634d32fc60c6878ad040e1fcb6cb13d678fd744015e5396957d
SHA512

5c42c45e73906600e8d4d83f048faf1b043ac8c20c62a4eb42c75bfd7a33837e1c3bb053340d7b6324ecd36eb9143d10156121b8d3fc357b7e3055ba335ab1bd
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRT:knmj6xK1y3Ik6TZGRT

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2644	regsvr32.exe
2644	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_161546b1a8bbf634d32fc60c6878ad040e1fcb6cb13d678fd744015e5396957d.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2644

memory/2644-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/2644-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download