60a111541568bf0a54f1fc35c8004b80d17d77f46397b9a90464f4fd900386c0

Analysis

max time kernel
114s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 23:24

Target

c681974959a089cfa218603085060eae.dll
Size

7KB
MD5

c681974959a089cfa218603085060eae
SHA1

abda6a7ba4b453d7ea104a5f7f524e36c1418df0
SHA256

60a111541568bf0a54f1fc35c8004b80d17d77f46397b9a90464f4fd900386c0
SHA512

a7a6a4fc40233b1c619744fa60b9c6fff05381a29a2f0770df48471fef246fbf7627e44a5029916c8145762e87ae6284badfb4170ddaffcbd6fc0f4073da7f42
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWNbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPPq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 1904	2500	rundll32.exe	91
PID 2500 wrote to memory of 1904	2500	rundll32.exe	91
PID 2500 wrote to memory of 1904	2500	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c681974959a089cfa218603085060eae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c681974959a089cfa218603085060eae.dll,#1
  2⤵
  PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4228 --field-trial-handle=2260,i,9938964625802268469,1928462186077019554,262144 --variations-seed-version /prefetch:8
1⤵
PID:2968