b773768308ebb6a116c1ad2bb681a78b19175b8e382a6d7fb046957b7d1fb89b

Analysis

max time kernel
110s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 23:36

Target

b773768308ebb6a116c1ad2bb681a78b19175b8e382a6d7fb046957b7d1fb89b.dll
Size

81KB
MD5

0ac83a0f0e30fc67bdd7bf6f37db2d0e
SHA1

6bb8fd60b28a4c3d887ad097795663e6edc87bd1
SHA256

b773768308ebb6a116c1ad2bb681a78b19175b8e382a6d7fb046957b7d1fb89b
SHA512

3e211d9902fb77367d6b233f6e5a15cb2ae46d5f40bc5b2155ae1f11b026517aab4c2e06aa28a2dac0ba0605c9c439946443b9fb9ce31164f6e5b3445aa131b3
SSDEEP

1536:Hc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Gb:8+5oxmqAiR8+/RBkez0U+s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 3772	392	rundll32.exe	91
PID 392 wrote to memory of 3772	392	rundll32.exe	91
PID 392 wrote to memory of 3772	392	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b773768308ebb6a116c1ad2bb681a78b19175b8e382a6d7fb046957b7d1fb89b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b773768308ebb6a116c1ad2bb681a78b19175b8e382a6d7fb046957b7d1fb89b.dll,#1
  2⤵
  PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4200 --field-trial-handle=2304,i,7548677271533893574,11048237606705436109,262144 --variations-seed-version /prefetch:8
1⤵
PID:1996