Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-12-2024 15:12

General

  • Target

    JaffaCakes118_9329a9161f43ad6dcc27cd3fb148c9cada6aa74c7f832b2ac79e83f4d47c1656.dll

  • Size

    490KB

  • MD5

    143ea3b417e2b3cf856c62ae851743ac

  • SHA1

    720d0aa2438e189d689a837e73928992ec8d7202

  • SHA256

    9329a9161f43ad6dcc27cd3fb148c9cada6aa74c7f832b2ac79e83f4d47c1656

  • SHA512

    31d46163264872e9df53176193a45d6a24ab2f4bd120c84838aa0bdbd094f3e7b5276e2dbba55798f9281edb1cfadadede290e70a5f7134fe2f0cf2589728eaa

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRg:knmj6xK1y3Ik6TZGRg

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9329a9161f43ad6dcc27cd3fb148c9cada6aa74c7f832b2ac79e83f4d47c1656.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3056-0-0x0000000000160000-0x000000000016E000-memory.dmp

    Filesize

    56KB

  • memory/3056-1-0x0000000000160000-0x000000000016E000-memory.dmp

    Filesize

    56KB