Analysis

  • max time kernel
    127s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19/04/2024, 18:31

General

  • Target

    6cd353957530eb16a1cff66b66c07d5bc682a5cbc38eeab4627146cacd0efa51.dll

  • Size

    11KB

  • MD5

    af7da0eed987ad6aac1b69a920f32192

  • SHA1

    894843f0abbf68b1fd1d5bffc3309fa1211de29a

  • SHA256

    6cd353957530eb16a1cff66b66c07d5bc682a5cbc38eeab4627146cacd0efa51

  • SHA512

    b104e0530c44d0165f19f3fef785b55a8f9f541a653af6ed2ca0317722795c19bd8c33d6ee60846dcb527e3215d84eac320c83a2697cce4981174353c7997e71

  • SSDEEP

    192:pumhleAXJEA9FFBoWoaVK180nS0WVZLXDyz2N3cZ:pjrerAAW/818+WrXD

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request (2 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cd353957530eb16a1cff66b66c07d5bc682a5cbc38eeab4627146cacd0efa51.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:376
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cd353957530eb16a1cff66b66c07d5bc682a5cbc38eeab4627146cacd0efa51.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of WriteProcessMemory
      PID:4548
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\Persont.exe boot
        3⤵
          PID:1748
