2fc6d12420e82684ae917886fe6b2d8b58122b44c2390bbb4ca5ace80a3ecff6 | Triage

Analysis

max time kernel
125s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 22:23

Sharing

Report Analysis Logs

General

Target

4420ede8e29bc3677b1de23db6bfca5d.dll
Size

6KB
MD5

4420ede8e29bc3677b1de23db6bfca5d
SHA1

c06c1446b64ae567a54b148a121ef8ed29c22519
SHA256

2fc6d12420e82684ae917886fe6b2d8b58122b44c2390bbb4ca5ace80a3ecff6
SHA512

273f193cb06979a6e1b6c276f3c435a09f3bcf3e5bb92a6cc54a2991a58db366b91577be6d4f93656572ba1ed1629235e610fee0678686a8f158d5c16c614959
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0NB+BDq9J5SH:VDa9VUX9bQWtB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 4832	1700	rundll32.exe	92
PID 1700 wrote to memory of 4832	1700	rundll32.exe	92
PID 1700 wrote to memory of 4832	1700	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4420ede8e29bc3677b1de23db6bfca5d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4420ede8e29bc3677b1de23db6bfca5d.dll,#1
  2⤵
  PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4152 --field-trial-handle=3016,i,1323102786462900035,7687994236215859601,262144 --variations-seed-version /prefetch:8
1⤵
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads