Overview

overview

6

Static

static

3

c6ac7d24d8...33.dll

windows7-x64

6

c6ac7d24d8...33.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6ac7d24d8fcbf6373105b1750e35133.dll

  • Size

    17KB

  • MD5

    c6ac7d24d8fcbf6373105b1750e35133

  • SHA1

    c187cfaccf17246e4d190538b4b1a35b26bdcf3e

  • SHA256

    bdddec0720a7ddc9163e97425753c3ee625453339cd196b963014b161916f93d

  • SHA512

    98cd6a631643f676e21666ed8cc7fb8670fdb2adeaa304842dac97524dcdabedd8a32a44120f93bb57a1d3cb1d139059c076f4ef1eb3ade2e2f66a39af1d7378

  • SSDEEP

    384:Qzw0onx8cJv3W3WM/tJ1abDjbKdKm7K0Z2:QVonb3sWAif2bZ2

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6ac7d24d8fcbf6373105b1750e35133.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6ac7d24d8fcbf6373105b1750e35133.dll,#1
      2⤵
      • Adds Run key to start application
      PID:4732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads