icedid | 509b13b604512815289addeac396efc2c11dd665269047c4615b60fd0a8a0eee

Analysis

max time kernel
142s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 20:38

Target

JaffaCakes118_509b13b604512815289addeac396efc2c11dd665269047c4615b60fd0a8a0eee.dll
Size

490KB
MD5

1e4035e5b868733b645eff3236f0f4a2
SHA1

1c96d2fb15b91ab3727f90e567ab1b0022b39807
SHA256

509b13b604512815289addeac396efc2c11dd665269047c4615b60fd0a8a0eee
SHA512

77db66b35723a4b3b7b980cdeb1040ebd88f12a8fdf7be7cb886e8aed837be31c4d648a221e41000c6c04f3ca9a8ba74e579908c8ff2f99603bf77342fce89bf
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR4:knmj6xK1y3Ik6TZGR4

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2012	regsvr32.exe
2012	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_509b13b604512815289addeac396efc2c11dd665269047c4615b60fd0a8a0eee.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

memory/2012-0-0x00000000007A0000-0x00000000007AE000-memory.dmp

Filesize
56KB

Download
memory/2012-1-0x00000000007A0000-0x00000000007AE000-memory.dmp

Filesize
56KB

Download