6f654464d2aef691927c54f432b736b1724788e782a3fafbea3717e13ae5c6e7 | Triage

Analysis

max time kernel
127s
max time network
152s
platform
windows10_x64
resource
win10-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

6f654464d2aef691927c54f432b736b1724788e782a3fafbea3717e13ae5c6e7.dll
Size

52KB
MD5

ff827b4ca44166c6b40b63dec8e71a36
SHA1

e76f121b6c38205515b10ec02af213da46c465d1
SHA256

6f654464d2aef691927c54f432b736b1724788e782a3fafbea3717e13ae5c6e7
SHA512

519bef6aa5c1965f9be02f1feff0e2d12e8f2d75ebc19f6bfadcb28a879d8283485bfec9289cf701263fa8d780675e0b02f5316431c49ae8eecc6d366cbf60f3

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
27	4216	rundll32.exe
29	4216	rundll32.exe
32	4216	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4216	3988	rundll32.exe	68
PID 3988 wrote to memory of 4216	3988	rundll32.exe	68
PID 3988 wrote to memory of 4216	3988	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f654464d2aef691927c54f432b736b1724788e782a3fafbea3717e13ae5c6e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f654464d2aef691927c54f432b736b1724788e782a3fafbea3717e13ae5c6e7.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads