cfe1e115a419e3fd2b886cd2a02e257fe413bcb9c7d9d674de8b215cbb8da97a

Analysis

max time kernel
147s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 19:36

Target

cfe1e115a419e3fd2b886cd2a02e257fe413bcb9c7d9d674de8b215cbb8da97a.dll
Size

51KB
MD5

cbcc65043b66f8171e92918001744c48
SHA1

0d170d3724e38f9c88b0c2cab749d0a6936a5758
SHA256

cfe1e115a419e3fd2b886cd2a02e257fe413bcb9c7d9d674de8b215cbb8da97a
SHA512

1caf8a4e43103ae588468c5349fbd0362786cde74c754605324df216bbc2a9325e0ae48f1b5dc4bea42223a3948315c349aebb70189e6d36d60260285fd94ff5
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLKJYH5:1dWubF3n9S91BF3fboWJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1112	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1112	2892	rundll32.exe	95
PID 2892 wrote to memory of 1112	2892	rundll32.exe	95
PID 2892 wrote to memory of 1112	2892	rundll32.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfe1e115a419e3fd2b886cd2a02e257fe413bcb9c7d9d674de8b215cbb8da97a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfe1e115a419e3fd2b886cd2a02e257fe413bcb9c7d9d674de8b215cbb8da97a.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:5112