72ed15edb8871e3e0905fc1f6655ee56cab439bd65d66edb87ab41e69c9bd501

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 10:04

Target

72ed15edb8871e3e0905fc1f6655ee56cab439bd65d66edb87ab41e69c9bd501.dll
Size

51KB
MD5

c9781b7edfaad4a3964d6f6549e528db
SHA1

3fe22349c33c606e783506710bc98edf498c606c
SHA256

72ed15edb8871e3e0905fc1f6655ee56cab439bd65d66edb87ab41e69c9bd501
SHA512

061689360ff6898adba522d94e2881f579250446958ae01ea5461444d0992422af25e9201622ff44695e9811b989487f0c3ae8a894a5b67cb62fa99a86e04aae
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezLsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBopMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
432	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 432	4012	rundll32.exe	93
PID 4012 wrote to memory of 432	4012	rundll32.exe	93
PID 4012 wrote to memory of 432	4012	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72ed15edb8871e3e0905fc1f6655ee56cab439bd65d66edb87ab41e69c9bd501.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\72ed15edb8871e3e0905fc1f6655ee56cab439bd65d66edb87ab41e69c9bd501.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4164 --field-trial-handle=2132,i,4018525042804461719,1997165676266557055,262144 --variations-seed-version /prefetch:8
1⤵
PID:1200