Analysis

Max time kernel: 123s
Max time network: 126s
Platform: windows7_x64
Resource: win7v20201028
Submitted: 10-12-2020 01:50

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: Arutxesb3.dll
  Resource: win7v20201028 (windows7_x64)
  0 signatures, 0 seconds
General

Target: Arutxesb3.dll
Size: 432KB
MD5: c90f7887975937351782122deac2ba2f
SHA1: 540a89a98a26c9b42418839f8aea57aaa74ce79f
SHA256: 31d8a3551ab27eb493d57b851f406952d7287dee0b2072270427dc5f797dac51
SHA512: fde95a7c41cc66bc56847e7548851e84417fe119389539e14b1c1665840c680244b8b72282e4c3de0a77a73f4701c92d377c8d1b979d2803aca20487ee345976
Malware Config
Signatures

- IcedID Core Payload (1 IoC)
  Resource: behavioral1/memory/1912-3-0x0000000002CB0000-0x0000000002D57000-memory.dmp
  YARA rule: Icedid_core

- Blocklisted process makes network request (2 IoCs)
  flow | pid  | process
  4    | 1912 | rundll32.exe
  6    | 1912 | rundll32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  description                    | pid | process      | target process
  PID 836 wrote to memory of 1912 | 836 | rundll32.exe | rundll32.exe
  (the same entry is recorded 7 times)
Processes

- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Arutxesb3.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Arutxesb3.dll,#1
    Signatures: Blocklisted process makes network request