Alert Information
High
- Alert ID
ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:4950404482-10322-1815824- Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:4950404482-10322-1815824- 설명
- A process appears to be executing code with Rundll32, which can be used by attackers to evade detection. Investigate the command line and process tree.
- 호스트
- DWSHIN
- 상태
- new
- 생성 시간
- 2025-12-09 12:19:24
- 업데이트 시간
- 2025-12-09 13:18:24
MITRE ATT&CK
- Tactic
- Defense Evasion
- Technique
- Rundll32
Command Line
"C:\Program Files\Google\Chrome\Application\chrome.exe" --new-window http://www.mediacategory.com/servlet/iadbn?from=hancap&s=131187&psb=99&returnUrl=http%3A%2F%2Fopen.hantools.co.kr%2Fv2%2Fflow_td_inc.asp%3Fguid%3D%7B1609957C%2D1803%2D4141%2DB0E9%2D74AFF1A7593D%7D
Raw JSON Data
{"id":"ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:4950404482-10322-1815824","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:b4ebfd0a1e2447bcb45b3b72c5794e0e:4950404482-10322-1815824","agent_id":"b4ebfd0a1e2447bcb45b3b72c5794e0e","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A process appears to be executing code with Rundll32, which can be used by attackers to evade detection. Investigate the command line and process tree.","severity":70,"severity_name":"High","confidence":80,"tactic":"Defense Evasion","tactic_id":"TA0005","technique":"Rundll32","technique_id":"T1218.011","cmdline":"\u0022C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\u0022 --new-window http://www.mediacategory.com/servlet/iadbn?from=hancap\u0026s=131187\u0026psb=99\u0026returnUrl=http%3A%2F%2Fopen.hantools.co.kr%2Fv2%2Fflow_td_inc.asp%3Fguid%3D%7B1609957C%2D1803%2D4141%2DB0E9%2D74AFF1A7593D%7D","filename":"chrome.exe","filepath":"\\Device\\HarddiskVolume3\\Program Files\\Google\\Chrome\\Application\\chrome.exe","sha256":"dbb4e9d04a7de4f13e75ad30a8c1b11cadb568cd81c9cd2ae691d63df04fef86","status":"new","type":"ldt","created_timestamp":"2025-12-09T03:19:24.711278294Z","updated_timestamp":"2025-12-09T04:18:24.775084262Z","device":{"device_id":"b4ebfd0a1e2447bcb45b3b72c5794e0e","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.29.20108.0","hostname":"DWSHIN","local_ip":"10.24.11.136","external_ip":"211.198.135.5","mac_address":"5c-b4-7e-be-8e-58","platform_name":"Windows","os_version":"Windows 11"},"aggregate_id":"aggind:b4ebfd0a1e2447bcb45b3b72c5794e0e:4296718800","CreatedAt":"2025-12-09T12:19:24.7112783+09:00","UpdatedAt":"2025-12-09T13:18:24.7750843+09:00"}
Quick Info
- Severity High
- Score 70
-
Agent ID
b4ebfd0a1e2447bcb45b3b72c5794e0e
Actions