icedid | 0ac842768dffbacc1b63605344bd0e6d2cf4b548df5470329dff1bf5c90d33a3

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 14:56

Target

826ee61b1e74c2d97734ca9a9afbdaca7a162fbea206e851a8923c9b9ecba833.dll
Size

501KB
MD5

e95c717e12b71752414b72f2182f7b51
SHA1

0ae8061453984b33d98c535bef96e3714a927cd5
SHA256

826ee61b1e74c2d97734ca9a9afbdaca7a162fbea206e851a8923c9b9ecba833
SHA512

f7246ac3f2c4d70f49fd82bc3e7a5cea243959e68f238b337fe5ce29e814ac3f83bb34384c440101aa205847dfa7f6f6023ce89cd4620d903547104c84aae074
SSDEEP

6144:MhSzKGOF/UKry0EvhHr/2IhMzohn1fGkYLC24bi93amKN2eeB1fGKohosnIgX1:MhVGOtq+ojukYLyu93GN8B1povX1

Score

10^/10

Family

icedid

Campaign

598902084

mappingmorrage.top

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2404	regsvr32.exe
2404	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\826ee61b1e74c2d97734ca9a9afbdaca7a162fbea206e851a8923c9b9ecba833.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2404

memory/2404-0-0x00000000002A0000-0x00000000002A7000-memory.dmp

Filesize
28KB

Download
memory/2404-1-0x00000000002A0000-0x00000000002A7000-memory.dmp

Filesize
28KB

Download
memory/2404-2-0x00000000002A0000-0x00000000002A7000-memory.dmp

Filesize
28KB

Download