
Summary
This analytic rule detects suspicious activity by monitoring the `rundll32.exe` process associated with DNS queries and HTTP connections, using Sysmon EventCode 22 (DNS query) logs. `rundll32.exe` issuing DNS queries is notable because of its association with the IcedID malware, which uses this process to verify internet connectivity and to communicate with command and control (C&C) servers in order to download configurations and additional payloads. This activity matters because it can let malware maintain persistence and exfiltrate sensitive data, posing a considerable risk to network security; detecting it promptly supports timely incident response and mitigation.
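As an added example that is not part of the original rule, the core of this detection written in Python and run over constructed Sysmon EventCode 22 records rendered as key=value text (the common Sysmon add-on rendering). Field names follow Sysmon's DnsQuery schema; the hostnames, process IDs, paths and query results are made up for the example.

```python
import re

# Constructed sample events (not real telemetry). One EventCode 1 record is
# mixed in to show that the rule keys on EventCode 22 only.
SAMPLE_EVENTS = [
    'EventCode=22 UtcTime=2024-11-13 10:02:11.123 ProcessId=4120 '
    'Image=C:\\Windows\\System32\\rundll32.exe QueryName=example-check.test '
    'QueryStatus=0 QueryResults=::ffff:203.0.113.10; Computer=WS01',
    'EventCode=22 UtcTime=2024-11-13 10:02:15.456 ProcessId=2288 '
    'Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe QueryName=www.example.org '
    'QueryStatus=0 QueryResults=::ffff:93.184.216.34; Computer=WS01',
    'EventCode=1 UtcTime=2024-11-13 10:02:20.789 ProcessId=4120 '
    'Image=C:\\Windows\\System32\\rundll32.exe CommandLine="rundll32.exe x.dll,Start" Computer=WS01',
    'EventCode=22 UtcTime=2024-11-13 10:03:01.000 ProcessId=5512 '
    'Image=C:\\Users\\alice\\AppData\\Local\\Temp\\rundll32.exe QueryName=cdn.example.net '
    'QueryStatus=9003 QueryResults= Computer=WS02',
]

# key=value pairs; values may contain spaces (timestamps, paths), so a value
# runs until the next " key=" token or end of line.
FIELD_RE = re.compile(r'(\w+)=(.*?)(?= \w+=|$)')
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')


def parse_event(line: str) -> dict:
    """Split a key=value rendered Sysmon event into a dict of field -> value."""
    return dict(FIELD_RE.findall(line))


def is_rundll32_dns_query(event: dict) -> bool:
    """Core rule: Sysmon DnsQuery (EventCode 22) whose source Image is rundll32.exe."""
    if event.get('EventCode') != '22':
        return False
    image = event.get('Image', '').lower()
    return image.rsplit('\\', 1)[-1] == 'rundll32.exe'


def detect(lines) -> list:
    """Return one triage record per matching event (T1218.011)."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if not is_rundll32_dns_query(ev):
            continue
        image = ev.get('Image', '')
        hits.append({
            'host': ev.get('Computer'), 'pid': ev.get('ProcessId'), 'image': image,
            'query': ev.get('QueryName'), 'status': ev.get('QueryStatus'),
            'technique': 'T1218.011',
            # rundll32.exe outside the system directories deserves higher triage priority
            'unusual_path': not image.lower().startswith(SYSTEM_DIRS),
        })
    return hits
```

In a SIEM the same logic is a filter on EventCode=22 and Image ending in rundll32.exe, grouped by host, process and queried name; QueryStatus and an unexpected image path are useful triage fields.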
Categories
- Endpoint
Data Sources
- Pod
- Process
ATT&CK Techniques
- T1218
- T1218.011
Created: 2024-11-13