Analysis
max time kernel: 124s
max time network: 178s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/03/2024, 19:05
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: cc3125e6c4c1eef101acc3a359f69ef4.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: cc3125e6c4c1eef101acc3a359f69ef4.dll
Resource: win10v2004-20240226-en
1 signatures
150 seconds
General
Target: cc3125e6c4c1eef101acc3a359f69ef4.dll
Size: 32KB
MD5: cc3125e6c4c1eef101acc3a359f69ef4
SHA1: 744f210c6cafa1f0788e44f92f083bc0544ddffc
SHA256: e3e558c8394406dc62903c9260784334efaaec86f3d6354ee8dfca3c18e0f344
SHA512: 431697dfe41ecc821e0bb82df82e8b0a1403fc8a5a0c57e451d0cafcec128a9dd4a6e146451db5d239ac3908655f62de7f3f08725651328614f25edbbbf70213
SSDEEP: 384:zgP2pzaY8I0NWMSFu3YGUOezc1mlf0F0Zt:lPbMW5Qez63w
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2880 wrote to memory of 1220 | 2880 | rundll32.exe | 94
PID 2880 wrote to memory of 1220 | 2880 | rundll32.exe | 94
PID 2880 wrote to memory of 1220 | 2880 | rundll32.exe | 94
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc3125e6c4c1eef101acc3a359f69ef4.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2880
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc3125e6c4c1eef101acc3a359f69ef4.dll,#1
    PID: 1220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
  PID: 4624