Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2024, 23:03

General

  • Target

    JaffaCakes118_be472354d1581960b8e13b91ad7a956eb06b6859bb12756634be8e3a536e4add.dll

  • Size

    490KB

  • MD5

    4f61a50ca10c357ad74afab62fe3f1b4

  • SHA1

    1a886201dcfbb26e58e4b139fdfdb6cfdde8a7d3

  • SHA256

    be472354d1581960b8e13b91ad7a956eb06b6859bb12756634be8e3a536e4add

  • SHA512

    ea38e2976d3d7aa67fba72ae136d0e88c943c192d9895fe7ee57235ebde5e1e7832a3f50d99bab5131c7adccbeffb992c15329e1fc691d10d7af310748dd27f3

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRI:knmj6xK1y3Ik6TZGRI

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be472354d1581960b8e13b91ad7a956eb06b6859bb12756634be8e3a536e4add.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3276

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3276-0-0x0000000002720000-0x000000000272E000-memory.dmp

          Filesize

          56KB

        • memory/3276-1-0x0000000002720000-0x000000000272E000-memory.dmp

          Filesize

          56KB