Analysis

  • max time kernel
    142s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/12/2024, 10:20

General

  • Target

    JaffaCakes118_53b000ae10c95e2a9736314cb094609419fb0bd0558adca632e4504fd08b70f9.dll

  • Size

    490KB

  • MD5

    49e2706756ae04a97ddc143464aa62e6

  • SHA1

    a35d1aa92043bb8b7a072215b65d7cb09eabe1a0

  • SHA256

    53b000ae10c95e2a9736314cb094609419fb0bd0558adca632e4504fd08b70f9

  • SHA512

    20e82371ceb3e7271b36c1fff0848a9d5d0d97959a89099471acd659787db9401692c99c679bbb6c6f943eec9dd8aacd684ea07b18030f72f7bccf4d09404ab1

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR7:knmj6xK1y3Ik6TZGR7

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53b000ae10c95e2a9736314cb094609419fb0bd0558adca632e4504fd08b70f9.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2216

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2216-0-0x00000000004C0000-0x00000000004CE000-memory.dmp

    Filesize

    56KB

  • memory/2216-1-0x00000000004C0000-0x00000000004CE000-memory.dmp

    Filesize

    56KB