aa5a572f99f7ce4aa17d8de178619820be65ec9564bd5f5bf2e3438323a79ba0

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 23:50

Target

aa5a572f99f7ce4aa17d8de178619820be65ec9564bd5f5bf2e3438323a79ba0.dll
Size

6KB
MD5

8e883e069685269a7e4edf0df1e65940
SHA1

7515e4f63b640fdf622e7a6bca248fdc36da21c6
SHA256

aa5a572f99f7ce4aa17d8de178619820be65ec9564bd5f5bf2e3438323a79ba0
SHA512

f7cb0d7f138d2a6fcaf7447e1714cc321fc88f218249cd5fef4eb7c39024d16a443917d444e93c79ab2e79bb19f7a9e3de022e03ae87ab5c352c1a60c806c4f3
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0DB+BDq9J5S2:0QDV8FscMjsLFV37B+FqX5S2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 4572	2880	rundll32.exe	94
PID 2880 wrote to memory of 4572	2880	rundll32.exe	94
PID 2880 wrote to memory of 4572	2880	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa5a572f99f7ce4aa17d8de178619820be65ec9564bd5f5bf2e3438323a79ba0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa5a572f99f7ce4aa17d8de178619820be65ec9564bd5f5bf2e3438323a79ba0.dll,#1
  2⤵
  PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:2612