b686861658cd0880d716c7bf5acfa9f7e31db29898f6e3023475e03bdaa465c7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 20:57

Target

d4828c008540f1f1baeb32690495fdf6.dll
Size

350KB
MD5

d4828c008540f1f1baeb32690495fdf6
SHA1

69014981855e378d95b5bde1a22cd54b17ea64f8
SHA256

b686861658cd0880d716c7bf5acfa9f7e31db29898f6e3023475e03bdaa465c7
SHA512

df0726eef7fb4de0d01d988ee935c6572b2331f872683d800be6376d26bacb356fec042204904ca91867be0db2ebe4d57f8a13eeb52dafb79a0c81ada4d374a0
SSDEEP

6144:76XNTOEJW3sESl8IfFY1iyxQUa5YY+i6Rj5gSiai8:7g11ES1CLxQUuYY+iIfig

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 1268	3512	rundll32.exe	98
PID 3512 wrote to memory of 1268	3512	rundll32.exe	98
PID 3512 wrote to memory of 1268	3512	rundll32.exe	98

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4828c008540f1f1baeb32690495fdf6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4828c008540f1f1baeb32690495fdf6.dll,#1
  2⤵
  PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:2024