Analysis
-
max time kernel
112s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
29/02/2024, 04:47
Behavioral task
behavioral1
Sample
adba84b3fe463d422cf59f5545e56b93.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
adba84b3fe463d422cf59f5545e56b93.dll
Resource
win10v2004-20240226-en
1 signatures
150 seconds
General
-
Target
adba84b3fe463d422cf59f5545e56b93.dll
-
Size
311KB
-
MD5
adba84b3fe463d422cf59f5545e56b93
-
SHA1
3bccffeead3b264ae2e6bc0bc338e1094bcd1a9e
-
SHA256
e1938c5c7265c713ca45e0de862a352147276453a92d29ba03010b4f019ef55e
-
SHA512
8f76ef2c39ff120c8a47f388b5c089c50d8b88b55561f8b36a97daeddea4e2d1ae97616f507f7b06520ef4d8fba3a4d19b152dc2525bd34f060df908e5dfbac1
-
SSDEEP
6144:YVUF8TKYkTzlGz9gOUb2GBqoOkR6loMnKXAOcIFzLy5vfhKzBTUCCTbBdQp0X:YaF8TK/lGRgOUqmq9kR6lhKXWJhKzBOd
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description                      pid  Process       procid_target
PID 780 wrote to memory of 1668  780  rundll32.exe  72
PID 780 wrote to memory of 1668  780  rundll32.exe  72
PID 780 wrote to memory of 1668  780  rundll32.exe  72
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adba84b3fe463d422cf59f5545e56b93.dll,#1
- Suspicious use of WriteProcessMemory
PID:780
  -
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adba84b3fe463d422cf59f5545e56b93.dll,#1
  PID:1668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4152 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:8
PID:3144