Analysis
max time kernel: 147s
max time network: 153s
platform: windows10_x64
resource: win10
submitted: 21-10-2020 00:08
Static task: static1
Behavioral task: behavioral1
  Sample: wNkeO.txt.dll
  Resource: win7v200722 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: wNkeO.txt.dll
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: wNkeO.txt.dll
Size: 210KB
MD5: 93c7f5c0ad790f0cd530e1e3c6d9d296
SHA1: d0ce5a5c0aac2aad937a903d004017f04e4bfd1c
SHA256: 5069c3e89ab5e79ff53991f175ff2f113c147c7351beda4e52374fae4f90853c
SHA512: c5fcb473498d963587c841735c088f1166116d123042bab05f70bb05f58c08b18200ff635ecc139a0b16afed3b922f7ef9843a2289a1a61c01003b22785ca0d0
Score: 10/10
Malware Config
Extracted
Family: icedid
Campaign: 1949629567
Signatures
Blocklisted process makes network request (6 IoCs)
Processes:
  flow  pid   process
  10    3956  rundll32.exe
  11    3956  rundll32.exe
  13    3956  rundll32.exe
  15    3956  rundll32.exe
  17    3956  rundll32.exe
  19    3956  rundll32.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  3956  rundll32.exe
  3956  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 3676 wrote to memory of 3956   3676  rundll32.exe  rundll32.exe
  PID 3676 wrote to memory of 3956   3676  rundll32.exe  rundll32.exe
  PID 3676 wrote to memory of 3956   3676  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wNkeO.txt.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\wNkeO.txt.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
memory/3956-0-0x0000000000000000-mapping.dmp