e5a6e57480a17d9255b2c73fff4c314e74da3ff2bae12e5867f7a94bd7a42d23

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 01:59

Target

e5a6e57480a17d9255b2c73fff4c314e74da3ff2bae12e5867f7a94bd7a42d23.dll
Size

6KB
MD5

dedb84b1089e4c0a0921b479128cb05b
SHA1

0d4d69284ee5073a8c121d9e80c8d4814fd5cc7b
SHA256

e5a6e57480a17d9255b2c73fff4c314e74da3ff2bae12e5867f7a94bd7a42d23
SHA512

4c24a06681f91e2a2246704fb19aa44f42af1303b8bc9658b104cef38ad510b17a5e5d9d9d5832ad8d2889fc23ee29d0d9ce5b6f969c20a46c45c3cb3888b7e5
SSDEEP

48:6amN5YVOy1VEvy/dw25M+e0oB+BDq9J5SzXH:Wy1VEvayP+YB+FqX5SzX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 3328	3960	rundll32.exe	94
PID 3960 wrote to memory of 3328	3960	rundll32.exe	94
PID 3960 wrote to memory of 3328	3960	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5a6e57480a17d9255b2c73fff4c314e74da3ff2bae12e5867f7a94bd7a42d23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5a6e57480a17d9255b2c73fff4c314e74da3ff2bae12e5867f7a94bd7a42d23.dll,#1
  2⤵
  PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2756 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:3844