78366b123438b7cd2f167e49623104b76a0e27334ce3f39b91a36abe8c67d665

Analysis

Target

78366B123438B7CD2F167E49623104B76A0E27334CE3F.dll
Size

122KB
MD5

948717a6d0102100a857555db2579f90
SHA1

5dd65a1535b793f7c314b00f18e6a81f3ccb6fb8
SHA256

78366b123438b7cd2f167e49623104b76a0e27334ce3f39b91a36abe8c67d665
SHA512

eb2437d578e368e2accebf38fc75bf82138083b91b9b630651a78d72a1896dd538d249a64a34afdaf7bfec3da2b9ebd433a9d50c5bc3fe9b4c6add12493609cb

Score

8^/10

persistence

Modifies Installed Components in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3988 wrote to memory of 2688	3988	rundll32.exe	rundll32.exe
PID 3988 wrote to memory of 2688	3988	rundll32.exe	rundll32.exe
PID 3988 wrote to memory of 2688	3988	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78366B123438B7CD2F167E49623104B76A0E27334CE3F.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78366B123438B7CD2F167E49623104B76A0E27334CE3F.dll,#1
  2⤵
  PID:2688

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact