a4ab2cf8bb501492ea02be2e287fab90bb3d7c033a6f59db316e0f11197f3a6e

Analysis

max time kernel
144s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 18:04

Target

a4ab2cf8bb501492ea02be2e287fab90bb3d7c033a6f59db316e0f11197f3a6e.dll
Size

51KB
MD5

318c98b9dcc94be6d3e136c52a2d614d
SHA1

a28191440081764179c55836d8f190f69a5cedc2
SHA256

a4ab2cf8bb501492ea02be2e287fab90bb3d7c033a6f59db316e0f11197f3a6e
SHA512

c3d4f35e5596c3aa59a912bb96c26759110304978ab885602c1a1ecb371b18665ea0630084bf5002a43bdd966ce80b5ba4dc99260ec563b96ac65955de81497f
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLmJYH5:1dWubF3n9S91BF3fboqJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2064	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2064	3024	rundll32.exe	96
PID 3024 wrote to memory of 2064	3024	rundll32.exe	96
PID 3024 wrote to memory of 2064	3024	rundll32.exe	96

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4ab2cf8bb501492ea02be2e287fab90bb3d7c033a6f59db316e0f11197f3a6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4ab2cf8bb501492ea02be2e287fab90bb3d7c033a6f59db316e0f11197f3a6e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2256,i,9172343514068348080,519219714517961765,262144 --variations-seed-version /prefetch:8
1⤵
PID:4552