54b3b99621873ec16489eb92f2d0aeed89322ebbc37834f791ecee500a418187

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 13:39

Target

bbf26d09d91b749f14a6e78b362a51c1.dll
Size

728KB
MD5

bbf26d09d91b749f14a6e78b362a51c1
SHA1

7e952caec6ab5d96bf9d042c93479468de3e7f81
SHA256

54b3b99621873ec16489eb92f2d0aeed89322ebbc37834f791ecee500a418187
SHA512

729a13bc831977c6c06af2c1301f09c7572999e607177b14f62bd4dfa9555549f9f9e546b207d2d50111e424815ed9f999a48c8e1a7936461f607d5acbb9d3fd
SSDEEP

12288:Bq8y+UwshdkRuOucnwcwi8mNRWjkkkkkkkkkkkkkkUkkkkkkkkkkkkkkkkkkkkkF:BqUUkR7ucnwcwi8mPCkkkkkkkkkkkkkw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1112	1868	rundll32.exe	94
PID 1868 wrote to memory of 1112	1868	rundll32.exe	94
PID 1868 wrote to memory of 1112	1868	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbf26d09d91b749f14a6e78b362a51c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbf26d09d91b749f14a6e78b362a51c1.dll,#1
  2⤵
  PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4164

memory/1112-0-0x000000004A800000-0x000000004A8B7000-memory.dmp

Filesize
732KB

Download