3868b217c188ebf64b21e36dd63d53d31444ae17c470be9ab8084cff6d563dba

Analysis

max time kernel
123s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 19:03

Target

3868b217c188ebf64b21e36dd63d53d31444ae17c470be9ab8084cff6d563dba.dll
Size

899KB
MD5

8e9e9bbd946b9a065a7c69f81d09e8e7
SHA1

02674ea9419761a7c282446c802ad2d1441b42d8
SHA256

3868b217c188ebf64b21e36dd63d53d31444ae17c470be9ab8084cff6d563dba
SHA512

b6bcb1ce642eeb2ebb39dbc08753daeab774acff1c611543fd25e47ae4cd0df009f643896cf1123a0aa16955865b0cfe9ea551fd92e9f95735495a70c41be0d8
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXM:7wqd87VM

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2920	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 2920	1828	rundll32.exe	93
PID 1828 wrote to memory of 2920	1828	rundll32.exe	93
PID 1828 wrote to memory of 2920	1828	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3868b217c188ebf64b21e36dd63d53d31444ae17c470be9ab8084cff6d563dba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3868b217c188ebf64b21e36dd63d53d31444ae17c470be9ab8084cff6d563dba.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1688 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
PID:4980