Analysis

  • max time kernel
    94s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2024, 22:33

General

  • Target

    JaffaCakes118_843535caa05a2c198f8111d3097252cc92073bf461cbaad96213941f5dfaeace.dll

  • Size

    490KB

  • MD5

    f4547a09ce1b4c59970e4d33060c4094

  • SHA1

    926bc3b70b781579fcb2278a168fa9bf86599f88

  • SHA256

    843535caa05a2c198f8111d3097252cc92073bf461cbaad96213941f5dfaeace

  • SHA512

    25443cfc855e730d6b9a5dece130fc8e52ddd267c83c61eb0a054260175b4ff933504d519b6ecba9d155e5270fa46dffdb9e74c293e76a30f406f7a8fc057e49

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRu:knmj6xK1y3Ik6TZGRu

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_843535caa05a2c198f8111d3097252cc92073bf461cbaad96213941f5dfaeace.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2244

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2244-0-0x0000000000140000-0x000000000014E000-memory.dmp

          Filesize

          56KB

        • memory/2244-1-0x0000000000140000-0x000000000014E000-memory.dmp

          Filesize

          56KB