be2a54446611b9a68e37aa032d2df8fef4b173748908f5b8201ac88f9154bb66

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 16:10

Target

bf082f4a239e42f76fb569b3a82dd65d.dll
Size

756KB
MD5

bf082f4a239e42f76fb569b3a82dd65d
SHA1

d3b72ee9e7895d6fd71f4ed0e8dab13b10abd4a6
SHA256

be2a54446611b9a68e37aa032d2df8fef4b173748908f5b8201ac88f9154bb66
SHA512

40a14e67b0847832747611f95cd07cec3514d2e4ef4603748a587802e95c8fed6dd483cdf2ebb088d723c7bd2d0632f089132561d969edc4156fd67cd53f0343
SSDEEP

192:SOzcBedUlMjY3l2r97akuorlP8yufoKd+SPnyWVvLfAZVpMHKq8FiKQ:SOoiStnLLET0yIAZUHK8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 2952	4128	rundll32.exe	94
PID 4128 wrote to memory of 2952	4128	rundll32.exe	94
PID 4128 wrote to memory of 2952	4128	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf082f4a239e42f76fb569b3a82dd65d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf082f4a239e42f76fb569b3a82dd65d.dll,#1
  2⤵
  PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:1308

memory/2952-0-0x0000000020000000-0x0000000020008000-memory.dmp

Filesize
32KB

Download
memory/2952-1-0x0000000020000000-0x0000000020008000-memory.dmp

Filesize
32KB

Download