79e5f817d79ca161e743b29bc785d5d444abbd04851c30ea36d0566c8c832df5 | Triage

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 09:07

Sharing

Report Analysis Logs

General

Target

decaedfcf5318492aec0660be40515af.dll
Size

64KB
MD5

decaedfcf5318492aec0660be40515af
SHA1

4523071f3ec5e1bcca64de4c0485e7bde10b6f0b
SHA256

79e5f817d79ca161e743b29bc785d5d444abbd04851c30ea36d0566c8c832df5
SHA512

51eb0b17f3048d813f82f8d69984421b0237bd05b4355819a1d95dbe3ac491c7b0416b417b41f024b64714d722ef7b3911e85993df52175ded16e04df55b7097
SSDEEP

768:iowRXb5MpftZ8XhSP2ihy62q55xUGAsISaKK1m0h:iowBdM1tuXif5HUGAsa1J

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1516	948	rundll32.exe	93
PID 948 wrote to memory of 1516	948	rundll32.exe	93
PID 948 wrote to memory of 1516	948	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\decaedfcf5318492aec0660be40515af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\decaedfcf5318492aec0660be40515af.dll,#1
  2⤵
  PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads