icedid | 385f7edcaf8dadd7571ef358dfcfbb0ed31e73faa6e8a3fb17188dd8f17a5053

Analysis

max time kernel
142s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 20:14

Target

JaffaCakes118_385f7edcaf8dadd7571ef358dfcfbb0ed31e73faa6e8a3fb17188dd8f17a5053.dll
Size

490KB
MD5

d909577140e966645c7c727d6191d71d
SHA1

463cfe428c14999a1106b1a6734b15cf275fb6f0
SHA256

385f7edcaf8dadd7571ef358dfcfbb0ed31e73faa6e8a3fb17188dd8f17a5053
SHA512

b59216163407fd4d04bb3565eba50aef9f6de9be7a42a1f13a001aa0eded0285b6e4c22e4e4222cfe4a1534f7d6afc968b56780f7b133fce4fc0848f5d726c19
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRP:knmj6xK1y3Ik6TZGRP

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1860	regsvr32.exe
1860	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_385f7edcaf8dadd7571ef358dfcfbb0ed31e73faa6e8a3fb17188dd8f17a5053.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1860

memory/1860-0-0x00000000009E0000-0x00000000009EE000-memory.dmp

Filesize
56KB

Download
memory/1860-1-0x00000000009E0000-0x00000000009EE000-memory.dmp

Filesize
56KB

Download