2ceb7b145eb1c6cc76df1d88f1f28b78b75d204a576ef919e8fc6de9f167ccf4

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 19:32

Target

2ceb7b145eb1c6cc76df1d88f1f28b78b75d204a576ef919e8fc6de9f167ccf4.dll
Size

342KB
MD5

f5aefc29ee1ec69aa6b41215bddf015c
SHA1

eea9a6b5f7bae8dd807e0e2c780ffcbe673dc224
SHA256

2ceb7b145eb1c6cc76df1d88f1f28b78b75d204a576ef919e8fc6de9f167ccf4
SHA512

88c8170b0650c8a45067e10c59f40a08431c4278815a3d2419f541556028b38187113925587d83a2a704fee583d5e0339fcdf70ee78311a41f767a81275e53a8
SSDEEP

6144:HRoOpXN8bEvZehNyi5qlscXsKCkSLjn7WQDilmvWpJJvEiw:HRoOpXCjNwlscXeJikilmvYEiw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 4028	5080	rundll32.exe	93
PID 5080 wrote to memory of 4028	5080	rundll32.exe	93
PID 5080 wrote to memory of 4028	5080	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ceb7b145eb1c6cc76df1d88f1f28b78b75d204a576ef919e8fc6de9f167ccf4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ceb7b145eb1c6cc76df1d88f1f28b78b75d204a576ef919e8fc6de9f167ccf4.dll,#1
  2⤵
  PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2244,i,11986678581565715302,451159359636456336,262144 --variations-seed-version /prefetch:8
1⤵
PID:2220