Analysis
- max time kernel: 61s
- max time network: 120s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 13-11-2020 22:03
Static task: static1

Behavioral task: behavioral1
- Sample: Maaywuku2.dll
- Resource: win7v20201028
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: Maaywuku2.dll
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: Maaywuku2.dll
- Size: 123KB
- MD5: c33bd283a36d34b8de1826585e564530
- SHA1: 540f3ba581d2f0a4004da108ff20fb7a5c0b708c
- SHA256: a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5
- SHA512: 12b570c44dfb89dcf9c77f0d429e58c3bce7a302ecc83e76962393169416c6956698fc9e291c49946ecb3e4ea3f52e201b0f3fe6a59d3fdfd9b06eba7f49248f
Malware Config
Signatures
- IcedID Core Payload (1 IoC)
  Processes:
    resource                                                                   | yara_rule
    behavioral1/memory/1524-1-0x0000000002CB0000-0x0000000002D56000-memory.dmp | Icedid_core
- Blocklisted process makes network request (2 IoCs)
  Processes: rundll32.exe
    flow | pid  | process
    3    | 1524 | rundll32.exe
    5    | 1524 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe (7 identical entries)
    description                     | pid  | process      | target process
    PID 2036 wrote to memory of 1524 | 2036 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Maaywuku2.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Maaywuku2.dll,#1
    Signatures: Blocklisted process makes network request