10f02c0b90fd30a7abd13ca0f55680bee7ea0529a66c744fdb2b1bf4cfc0e713

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 01:54

Target

$PLUGINSDIR/vmddoxkq.dll
Size

121KB
MD5

26568fbe09cf60fb6d3c570b139656d0
SHA1

e05d018ecb59fe1dfbcb46e6b6b816eaf94172c4
SHA256

5d9306712abc8b0718b24d56523e9a32e6d78e9ded425ff45ad87e048d61a637
SHA512

fd0c529ae730de30313ce1055dbaaf366439f96f69f3db2df9988ab5fb89b6da68011e9ca33cc049dae9e37a383bff9eac85dc1c47f481aeb82ebc45214eee68
SSDEEP

1536:GSa5O37CjPOAnsHFN7qeysht/v0Z7lmk7nNBX+elZuw0CFw5MSHIW:Ha5wGjPsHqNMsmkfuelZu1CFjSHx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1776	1464	rundll32.exe	95
PID 1464 wrote to memory of 1776	1464	rundll32.exe	95
PID 1464 wrote to memory of 1776	1464	rundll32.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vmddoxkq.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vmddoxkq.dll,#1
  2⤵
  PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:3436