Analysis
- max time kernel: 41s
- max time network: 115s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 07-12-2020 17:45
Static task: static1
Behavioral task: behavioral1
- Sample: otgewd.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: otgewd.dll
- Size: 192KB
- MD5: cb11148e0c7b70769b156ab085c41dfe
- SHA1: 48fc5d442a68286f4edcd5a9170b8ce5c849f2e5
- SHA256: d7a2b612bc7124c22cb058518ecf40a39b670042a7fbad01d4fa49d0ce20d344
- SHA512: a457af8df734e5de9dc0807fbf2916a4015347068199f471ae22b7cb4d5e07855f67201de700286c40f81f5ab128c56e62da924fca277937a0af36c6e6f70ab8
Malware Config
Signatures
- Blocklisted process makes network request (2 IoCs)
  Processes (flow, pid, process):
  - flow 18, pid 4776, rundll32.exe
  - flow 19, pid 4776, rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
  - PID 4648 wrote to memory of 4776: rundll32.exe -> rundll32.exe
  - PID 4648 wrote to memory of 4776: rundll32.exe -> rundll32.exe
  - PID 4648 wrote to memory of 4776: rundll32.exe -> rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (level 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\otgewd.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (level 2)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\otgewd.dll,#1
    - Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
- memory/4776-2-0x0000000000000000-mapping.dmp