68129bd2f7a6e3a657f03373e5ae32ff821a8b7c37ad545f99cf0a7d8f8d2d78

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 21:55

Target

68129bd2f7a6e3a657f03373e5ae32ff821a8b7c37ad545f99cf0a7d8f8d2d78.dll
Size

5KB
MD5

5995da45ce5159307ef89f6301670526
SHA1

cbc6deba863ff7a1097fa89f07a1a98ffcc6c72d
SHA256

68129bd2f7a6e3a657f03373e5ae32ff821a8b7c37ad545f99cf0a7d8f8d2d78
SHA512

897cf7b4f92cfce249af7808bc5281a7ed59ed06909f95dddec04f5cecb0ecedcff0ff952e5a4d9275a2f495364399ae5bd9b45740fdd8bf693de864e7758249
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqioKdrCwOnjjrIWuYl2sTQGFnCIH37vJ:hy859x0P8MaixJYvrIWL2s4IX7vJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 4408	1284	rundll32.exe	92
PID 1284 wrote to memory of 4408	1284	rundll32.exe	92
PID 1284 wrote to memory of 4408	1284	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68129bd2f7a6e3a657f03373e5ae32ff821a8b7c37ad545f99cf0a7d8f8d2d78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68129bd2f7a6e3a657f03373e5ae32ff821a8b7c37ad545f99cf0a7d8f8d2d78.dll,#1
  2⤵
  PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5240 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4752