ca4132976b2db0dbd46beeea81f8f397a6019f6a29794ed985c52111ab15136d | Triage

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

521e46378e25fb74da2b1c1a3d837d1b.dll
Size

3KB
MD5

521e46378e25fb74da2b1c1a3d837d1b
SHA1

1608adcec76e72564b750cb847f9d06b2117dbdb
SHA256

ca4132976b2db0dbd46beeea81f8f397a6019f6a29794ed985c52111ab15136d
SHA512

8ac5147a88b39fdd841982a4079c186ca60922d3c75325efcfc9876d4460eb2651f4889a6bd81a8133e4dca5fe10379166ee5fa40308618d4458632d4e739796

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 4640	1952	rundll32.exe	93
PID 1952 wrote to memory of 4640	1952	rundll32.exe	93
PID 1952 wrote to memory of 4640	1952	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\521e46378e25fb74da2b1c1a3d837d1b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\521e46378e25fb74da2b1c1a3d837d1b.dll,#1
  2⤵
  PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2244,i,861925222566734100,5228329984880658054,262144 --variations-seed-version /prefetch:8
1⤵
PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads