icedid | f7d5719927090c79bcb0fe97d4d59ffbed2d1618614abd5801631dfaf3a69372

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 19:25

Target

JaffaCakes118_f7d5719927090c79bcb0fe97d4d59ffbed2d1618614abd5801631dfaf3a69372.dll
Size

490KB
MD5

b1b5a034be4d9cbf7c51b0392258efc7
SHA1

f4c7518fd3c757d618c9703663c89b34ca452a98
SHA256

f7d5719927090c79bcb0fe97d4d59ffbed2d1618614abd5801631dfaf3a69372
SHA512

edb3531171beb3cb53dd2151c24d7b6e6476364ad71640afb3ad3d7ca0b565ad77cd66b1737cb0c645ec60964395537faf50c893ce019c7dbb6ed2927bcc825a
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRX:knmj6xK1y3Ik6TZGRX

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2324	regsvr32.exe
2324	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f7d5719927090c79bcb0fe97d4d59ffbed2d1618614abd5801631dfaf3a69372.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2324

memory/2324-0-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download
memory/2324-1-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download