icedid | bef8e68c5042b4c1c995e213226a2eff74936e151ceb5173016c22e79dda3945

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 17:44

Target

JaffaCakes118_bef8e68c5042b4c1c995e213226a2eff74936e151ceb5173016c22e79dda3945.dll
Size

490KB
MD5

b515b0d81a090565182168e6fc858a79
SHA1

85fe403d7673e509194c752582839c933da04f33
SHA256

bef8e68c5042b4c1c995e213226a2eff74936e151ceb5173016c22e79dda3945
SHA512

41262a878d52fee89ecce556cff5c13ec8248c8f5d3d4a2f6217048d1812d77c22a684ae1148aab842c96b4078f2fbbe8c48bbd3a957c7fb347844585a66dbbe
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRS:knmj6xK1y3Ik6TZGRS

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
540	regsvr32.exe
540	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bef8e68c5042b4c1c995e213226a2eff74936e151ceb5173016c22e79dda3945.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:540

memory/540-0-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download
memory/540-1-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download