icedid | f3d2f430ca4dab7e91cf403ec61ca952502bb1f686aea18b58b5f6ea9c81fece

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 18:09

Target

JaffaCakes118_f3d2f430ca4dab7e91cf403ec61ca952502bb1f686aea18b58b5f6ea9c81fece.dll
Size

490KB
MD5

4a01826493a4c69e23ac4b622b6c9b39
SHA1

5d98faaf0fbf21c8c74ad5bd407fab613c84663b
SHA256

f3d2f430ca4dab7e91cf403ec61ca952502bb1f686aea18b58b5f6ea9c81fece
SHA512

50f6237c04cdbb873b6af4622e057c0f27458c58d3962f19a5f6203c53354c9b1038bf6a54e04eba6687e90007f85916a08b6c0d3badeb123a41bb1db006ae6f
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRF:knmj6xK1y3Ik6TZGRF

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2544	regsvr32.exe
2544	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f3d2f430ca4dab7e91cf403ec61ca952502bb1f686aea18b58b5f6ea9c81fece.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2544

memory/2544-0-0x0000000001200000-0x000000000120E000-memory.dmp

Filesize
56KB

Download
memory/2544-1-0x0000000001200000-0x000000000120E000-memory.dmp

Filesize
56KB

Download