Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/12/2024, 11:07

General

  • Target

    JaffaCakes118_7b365fbdb61fbb74400d6783be10b45e72e83a2a4946e62b55bccbdb99551cb6.dll

  • Size

    490KB

  • MD5

    fa6b2fb9da57b371b36ffcabe3a97548

  • SHA1

    2814394ec026d535961bf74171527b10a87b47aa

  • SHA256

    7b365fbdb61fbb74400d6783be10b45e72e83a2a4946e62b55bccbdb99551cb6

  • SHA512

    cefae5aae4a316de37ced05646a21bd1778ab7ca78aa899e2f89f9b55603ee95804a63af93d2d38b13155f2ec9c1d4dc70ed4a6f077703725438653df67d7f13

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR1:knmj6xK1y3Ik6TZGR1

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com
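
The campaign ID and C2 domain listed here are what an automated extractor recovers from the loader's embedded configuration. The following is an added example, not code from the report or the sandbox. It assumes the commonly documented IcedID loader config layout (a 32-byte XOR key followed by 32 bytes of ciphertext, which decrypts to a little-endian uint32 campaign ID and a NUL-terminated C2 hostname); the XOR key, the junk bytes around the blob and the helper that builds the blob are constructed for the example, while the values 3467965077 and firenicatrible.com come from the report. The scan routine shows how an extractor locates such a blob inside a memory dump without knowing its offset, using a plausibility check on the decrypted data to reject false positives.

```python
import re
import struct
from typing import Optional

# Values taken from the report above.
CAMPAIGN_ID = 3467965077
C2_DOMAIN = "firenicatrible.com"

# Assumed, not from the sample: an arbitrary 32-byte XOR key for the demo blob.
DEMO_KEY = bytes(range(0x41, 0x61))

# Loose hostname check used as the plausibility filter when scanning.
HOSTNAME_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


def build_config_blob(campaign_id: int, domain: str, key: bytes) -> bytes:
    """Build a 64-byte blob in the assumed layout: key(32) || cipher(32).

    Only needed here to produce test input; a real extractor reads the blob
    from the DLL or from a memory dump such as the ones listed under Downloads.
    """
    if len(key) != 32:
        raise ValueError("key must be 32 bytes")
    plain = struct.pack("<I", campaign_id) + domain.encode("ascii") + b"\x00"
    if len(plain) > 32:
        raise ValueError("domain too long for a 32-byte config block")
    plain = plain.ljust(32, b"\x00")
    cipher = bytes(p ^ k for p, k in zip(plain, key))
    return key + cipher


def decode_config_blob(blob: bytes) -> Optional[dict]:
    """Decrypt one 64-byte candidate; return a config dict, or None if implausible."""
    if len(blob) < 64:
        return None
    key, cipher = blob[:32], blob[32:64]
    plain = bytes(c ^ k for c, k in zip(cipher, key))
    campaign_id = struct.unpack_from("<I", plain, 0)[0]
    raw_domain = plain[4:].split(b"\x00", 1)[0]
    try:
        domain = raw_domain.decode("ascii")
    except UnicodeDecodeError:
        return None
    # Plausibility: a non-zero campaign id and something that looks like a hostname.
    if campaign_id == 0 or not HOSTNAME_RE.match(domain):
        return None
    return {"family": "icedid", "campaign": campaign_id, "c2": domain}


def scan_for_config(buf: bytes) -> Optional[tuple]:
    """Slide a 64-byte window over a buffer (e.g. a memory dump) and return
    (offset, config) for the first window that decrypts to a plausible config."""
    for off in range(0, len(buf) - 63):
        cfg = decode_config_blob(buf[off:off + 64])
        if cfg is not None:
            return off, cfg
    return None


if __name__ == "__main__":
    blob = build_config_blob(CAMPAIGN_ID, C2_DOMAIN, DEMO_KEY)
    # Constructed "dump": junk bytes on either side of the blob.
    dump = b"\x90" * 100 + blob + b"\x00" * 50
    print(scan_for_config(dump))
```

The plausibility filter matters more than the decryption itself: a misaligned window also "decrypts" to bytes, so the extractor has to reject windows whose campaign ID is zero or whose domain bytes are not a printable hostname before reporting a hit.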

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b365fbdb61fbb74400d6783be10b45e72e83a2a4946e62b55bccbdb99551cb6.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2096

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2096-0-0x00000000003D0000-0x00000000003DE000-memory.dmp (Filesize 56KB)
  • memory/2096-1-0x00000000003D0000-0x00000000003DE000-memory.dmp (Filesize 56KB)