icedid | 63aa270152f195711c8bbc1a9b1ef55dbc04b3c33bb3e86cce8df6cbfb81b8bd

Analysis

max time kernel
141s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 17:17

Target

JaffaCakes118_63aa270152f195711c8bbc1a9b1ef55dbc04b3c33bb3e86cce8df6cbfb81b8bd.dll
Size

490KB
MD5

b76838fc91e2cb0f0514cc64dec01120
SHA1

e086bc440ba331c91758c8495a0dec68dbb566ca
SHA256

63aa270152f195711c8bbc1a9b1ef55dbc04b3c33bb3e86cce8df6cbfb81b8bd
SHA512

4d158049095de0e8bfe1e469060f68600c461a01b99da146cf6e2c995218c1577e7c8b3fc5f4b3a2760598eeec2e3e464be13de16ae09e84b874d12da7b6e8d1
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRS:knmj6xK1y3Ik6TZGRS

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1760	regsvr32.exe
1760	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63aa270152f195711c8bbc1a9b1ef55dbc04b3c33bb3e86cce8df6cbfb81b8bd.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1760

memory/1760-0-0x00000000002D0000-0x00000000002DE000-memory.dmp

Filesize
56KB

Download
memory/1760-1-0x00000000002D0000-0x00000000002DE000-memory.dmp

Filesize
56KB

Download