ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568 | Triage

Analysis

max time kernel
164s
max time network
174s
platform
windows10_x64
resource
win10-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568.dll
Size

64KB
MD5

f0063ff9d44aa5a3abbf1623cf03055b
SHA1

4ca422db57bd8771daf8e2157a7cfce24a09a1c7
SHA256

ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568
SHA512

ae2967251d55f3057f4f0d37fdf78cf8c7695c18d275577b3aa4a38ca2cba269b9ae2101d3c3c2bd12d70a1b1b9933363826c03f3100bc9e4dc658793f663338

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
28	3168	rundll32.exe
29	3168	rundll32.exe
32	3168	rundll32.exe
35	3168	rundll32.exe
36	3168	rundll32.exe
38	3168	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 3168	3176	rundll32.exe	69
PID 3176 wrote to memory of 3168	3176	rundll32.exe	69
PID 3176 wrote to memory of 3168	3176	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:3168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads