11d2552502822dcdbc73eaa9d3227e2780cef0fc2acf4704e4a4a1031487e0f6 | Triage

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 00:47

Sharing

Report Analysis Logs

General

Target

bd3a2325ab63cfdf049a723b50082750.dll
Size

510KB
MD5

bd3a2325ab63cfdf049a723b50082750
SHA1

2e509b275f8e3d8de6bf4e48dac90c9e4d74fed4
SHA256

11d2552502822dcdbc73eaa9d3227e2780cef0fc2acf4704e4a4a1031487e0f6
SHA512

212df6c0aa0d7dc29d902809422335cd5f0325a746a62fa51b8b8c1c173c670b6494b41bb25f383ed02eaa797828dc94261c4bfd404f95e89b2a5ed1bc61e526
SSDEEP

12288:4DLZfnglu2BpLiPwlUfIKKuioD4LP22dwfEt6KBc:4DBgllsQUfIKKuZAP2Wq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 620	3792	rundll32.exe	95
PID 3792 wrote to memory of 620	3792	rundll32.exe	95
PID 3792 wrote to memory of 620	3792	rundll32.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd3a2325ab63cfdf049a723b50082750.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd3a2325ab63cfdf049a723b50082750.dll,#1
  2⤵
  PID:620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads