Analysis
- max time kernel: 46s
- max time network: 107s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 07-12-2020 17:45
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: otgewd.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: otgewd.dll
- Size: 192KB
- MD5: cb11148e0c7b70769b156ab085c41dfe
- SHA1: 48fc5d442a68286f4edcd5a9170b8ce5c849f2e5
- SHA256: d7a2b612bc7124c22cb058518ecf40a39b670042a7fbad01d4fa49d0ce20d344
- SHA512: a457af8df734e5de9dc0807fbf2916a4015347068199f471ae22b7cb4d5e07855f67201de700286c40f81f5ab128c56e62da924fca277937a0af36c6e6f70ab8
Malware Config
Signatures
- IcedID Core Payload (1 IoC)
  Processes:
    resource: behavioral1/memory/1840-3-0x0000000002DF0000-0x0000000002E97000-memory.dmp
    yara_rule: Icedid_core
- Blocklisted process makes network request (2 IoCs)
  Processes: rundll32.exe
    flow | pid  | process
    4    | 1840 | rundll32.exe
    6    | 1840 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
    description                     | pid  | process      | target process
    PID 1008 wrote to memory of 1840 | 1008 | rundll32.exe | rundll32.exe
    (7 entries, all identical)
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\otgewd.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\otgewd.dll,#1
    - Blocklisted process makes network request