9fe4fbfe05ae49defcd16032a7c2fc1893067f152ec17e632479ef36ed70bb80

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 16:04

Target

c101c799d4f6261c9dff6e18930f5738.dll
Size

89KB
MD5

c101c799d4f6261c9dff6e18930f5738
SHA1

91f79127e36cd11f266668ebc12df46e3482f65f
SHA256

9fe4fbfe05ae49defcd16032a7c2fc1893067f152ec17e632479ef36ed70bb80
SHA512

afd04fb1d838eb0753544a35d24acfa2d1de731778383827d5add1553a2a00a1c0b64915a32089992287c6deb649bbd3ec705e5f8b3efc25ae43bd69e62d4943
SSDEEP

1536:ykuacOnTIQTiOobuM03cxMvub4goNFKrGK9+qVHYVHWpbAo:+acHQfTd3cxL8gXSo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 4428	4152	rundll32.exe	95
PID 4152 wrote to memory of 4428	4152	rundll32.exe	95
PID 4152 wrote to memory of 4428	4152	rundll32.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c101c799d4f6261c9dff6e18930f5738.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c101c799d4f6261c9dff6e18930f5738.dll,#1
  2⤵
  PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:4784