Overview

overview

10

Static

static

sol3nia.zip

windows7_x64

1

sol3nia.zip

windows10-2004_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    29-06-2022 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sol3nia.zip

  • Size

    206KB

  • MD5

    11d335ba207582c5e2790f7907181a17

  • SHA1

    a9eb4ae2b5c9064c5a01363cfba2359fa48f5aef

  • SHA256

    2a469601228e95defe50092a2dde56bd0a6ea62ff8162653094c9d41f7ab95a4

  • SHA512

    904dcbd3a7ae2ff1f7c06b6cc9c791339d903dfdfaceb9dd97685c092edd9122ec5c8560273044d0228898f0e0350fd24b98d628d56cfaee51962c2ffa113e51

Score
10/10
icedid3585208491bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3585208491

C2

bredofenction.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sol3nia.zip
    1⤵
      PID:3420
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4852
      • C:\Windows\System32\rundll32.exe
        "C:\Windows\System32\rundll32.exe" sol3nia.dll,RunObject
        1⤵
        • Blocklisted process makes network request
        • Suspicious behavior: EnumeratesProcesses
        PID:3636
      • C:\Windows\system32\SystemSettingsAdminFlows.exe
        "C:\Windows\system32\SystemSettingsAdminFlows.exe" TurnOffDevicePortal
        1⤵
          PID:2444
        • C:\Windows\system32\SystemSettingsAdminFlows.exe
          "C:\Windows\system32\SystemSettingsAdminFlows.exe" TurnOffDevicePortal
          1⤵
            PID:4324
          • C:\Windows\System32\rundll32.exe
            "C:\Windows\System32\rundll32.exe" shell32.dll,Options_RunDLL 7
            1⤵
              PID:4980

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3636-130-0x0000000180000000-0x0000000180009000-memory.dmp
              Filesize

              36KB

              Download