6ed68ecb7d085fc6da20b9ca8c5687e8e1d05e12379c94be37dee1f73809c34b

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 21:03

Target

acd9a6e38902f9f3b06408b9ef3aa919.dll
Size

242KB
MD5

acd9a6e38902f9f3b06408b9ef3aa919
SHA1

2f8cd48d8527b7a6e5f3aacd1d235b2e3bc70212
SHA256

6ed68ecb7d085fc6da20b9ca8c5687e8e1d05e12379c94be37dee1f73809c34b
SHA512

081e6c7bf659b3a09b92261d87848f91167fbf8635a75a944cb3482af124854231088b7a5c6b01c65c5a9d65626d4aff6c0e95e236c95be575eefe2517b58d05
SSDEEP

3072:noyxvfGCX2tMY/jgAg2qvCPdrqnS2zT4sPLc9Uq1ul5hrc:noQfL6MAgjbT4uc97j

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 3936	3788	rundll32.exe	94
PID 3788 wrote to memory of 3936	3788	rundll32.exe	94
PID 3788 wrote to memory of 3936	3788	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\acd9a6e38902f9f3b06408b9ef3aa919.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\acd9a6e38902f9f3b06408b9ef3aa919.dll,#1
  2⤵
  PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:3736

memory/3936-0-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download