icedid | e5c2f012f5a1c56056ad9708c6f7a8fac0a9049e39e89176aa8b9ba7351d8198

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 17:54

Target

JaffaCakes118_e5c2f012f5a1c56056ad9708c6f7a8fac0a9049e39e89176aa8b9ba7351d8198.dll
Size

490KB
MD5

54f298335c61d928924a7db04179a46e
SHA1

b1ff50bef03acfa5ca377f1a0789095442ecaba0
SHA256

e5c2f012f5a1c56056ad9708c6f7a8fac0a9049e39e89176aa8b9ba7351d8198
SHA512

5a53ae2f56cc5045c9110278b096ffbbac995849183c87dcd13e668c2cb4117d81b9f141299207f576662602b0017bd9d736fb69a7e62e8ab639005147e14d1c
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRS:knmj6xK1y3Ik6TZGRS

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1864	regsvr32.exe
1864	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e5c2f012f5a1c56056ad9708c6f7a8fac0a9049e39e89176aa8b9ba7351d8198.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1864

memory/1864-0-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download
memory/1864-1-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download