1c055c4009a511b4a02e98f2aa72dcb84ff8088ca33ed49a7e01c90044d9349d | Triage

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 05:52

Sharing

Report Analysis Logs

General

Target

c29b6abf62592fc73f4f07e24f8f7b87.dll
Size

568KB
MD5

c29b6abf62592fc73f4f07e24f8f7b87
SHA1

d50fe8f6f9cf2dd6d2434d878a5081a5db2d26bc
SHA256

1c055c4009a511b4a02e98f2aa72dcb84ff8088ca33ed49a7e01c90044d9349d
SHA512

a357519ec0d1a77c46cab8fea722e3cb6a3a3b978f6e9f66d0b562fcd3c329f2fb543c99a96616be618b6b75360b2837aea99a36eb84dea6e8e199d60513aea2
SSDEEP

12288:MBe0KFUYaUdbYNcGn1GwIOVribDtszLnR7s:MAAUdMNH1GaV66zL1s

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 2060	3132	rundll32.exe	93
PID 3132 wrote to memory of 2060	3132	rundll32.exe	93
PID 3132 wrote to memory of 2060	3132	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c29b6abf62592fc73f4f07e24f8f7b87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c29b6abf62592fc73f4f07e24f8f7b87.dll,#1
  2⤵
  PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads