Analysis

  • max time kernel
    96s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/12/2024, 10:30

General

  • Target

    JaffaCakes118_159813c8555f4a590c9d17ac446887ee1c93b5adc0ddbb535c157809e7f3965a.dll

  • Size

    490KB

  • MD5

    242dbfd7d5b471a1d3b8a26374ad97ce

  • SHA1

    270760abdf3893de3409e0dd3e9fc63cd67b4306

  • SHA256

    159813c8555f4a590c9d17ac446887ee1c93b5adc0ddbb535c157809e7f3965a

  • SHA512

    f640a4e682790a05ce76370e3d7f97f43d7171a2bf3c588c7f8a342d9fe71d5c121466a9275a88d807cf65ecdfc57c508b3dc92bbee97d3a85c081638cda0613

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaR1:knmj6xK1y3Ik6TZGR1

Malware Config

Extracted

  • Family
    icedid
  • Campaign
    3467965077
  • C2
    firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_159813c8555f4a590c9d17ac446887ee1c93b5adc0ddbb535c157809e7f3965a.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:2304

Network


Downloads

  • memory/2304-0-0x00000000002C0000-0x00000000002CE000-memory.dmp
    Filesize
    56KB
  • memory/2304-1-0x00000000002C0000-0x00000000002CE000-memory.dmp
    Filesize
    56KB