19600eebd0f4995bfef64a2c9f8374fb0fd13475d1fa1b9235d7b80290edad3d

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 20:16

Target

cc543e6aec80a3fdde84426db07f6e7f.dll
Size

92KB
MD5

cc543e6aec80a3fdde84426db07f6e7f
SHA1

89fec0cbc048791947508c80cc2cfeca471e29df
SHA256

19600eebd0f4995bfef64a2c9f8374fb0fd13475d1fa1b9235d7b80290edad3d
SHA512

547f5ca42d38dc836d98de37b01bd9de1480ff256b6fa36de51eab7c88401c4999d36b7b63978c7ffa54a3006fa251cad56562359fcd9254eef53dfe545431a3
SSDEEP

1536:s3wRyhcKCEPfqnpOWtb0xQzN0eBz/8HGZBT/ytyFbbZF6C0:sA4hcKJPfqnl0cJkHGZ1Vdbk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 4348	2388	rundll32.exe	94
PID 2388 wrote to memory of 4348	2388	rundll32.exe	94
PID 2388 wrote to memory of 4348	2388	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc543e6aec80a3fdde84426db07f6e7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc543e6aec80a3fdde84426db07f6e7f.dll,#1
  2⤵
  PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=2260,i,3303482231723870786,2954015409682154873,262144 --variations-seed-version /prefetch:8
1⤵
PID:2524

memory/4348-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download