f093e5e2eb9e0bc17dda90ed31be5663f948240679e6da5808fc0fcfa8a85514

Analysis

max time kernel
158s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 21:31

Target

165156519a213d58d465ba5b5ce8b486.dll
Size

81KB
MD5

165156519a213d58d465ba5b5ce8b486
SHA1

5bb0afb9b7a55fd16f6097081080c2f9914b588d
SHA256

f093e5e2eb9e0bc17dda90ed31be5663f948240679e6da5808fc0fcfa8a85514
SHA512

ad2a6b98a01316feef6c2399881bfe83151e14c4eb21256958850bc53febec642a1315b2f9ac8405fcffe03b76c91830a02e4f6b0884415357e7cf65ce83cca3
SSDEEP

1536:8c+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+GC:T+5oxmqAiR8+/RBkez0U+9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 4804	992	rundll32.exe	93
PID 992 wrote to memory of 4804	992	rundll32.exe	93
PID 992 wrote to memory of 4804	992	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\165156519a213d58d465ba5b5ce8b486.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\165156519a213d58d465ba5b5ce8b486.dll,#1
  2⤵
  PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2292,i,2927097380497635931,2014459809064723663,262144 --variations-seed-version /prefetch:8
1⤵
PID:216