732b0b4e38e615880b8213a127b3d934fab654e0396d482b30b39bb67dc9ebdf

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 05:53

Target

2e38e42476884b6d870067230f9df285.dll
Size

7KB
MD5

2e38e42476884b6d870067230f9df285
SHA1

5a9480a8f42f5ef1b11c9c18e45ae01dc2e50d9a
SHA256

732b0b4e38e615880b8213a127b3d934fab654e0396d482b30b39bb67dc9ebdf
SHA512

37a6a9f1be76e0ecefc67656bd9ea616da59e391802da2d891dc0689524988fe8e5b92e1c77e73162293e46a847617d875723119781fe6aa6e326a1cad767675
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWobABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPiq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 416 wrote to memory of 4848	416	rundll32.exe	92
PID 416 wrote to memory of 4848	416	rundll32.exe	92
PID 416 wrote to memory of 4848	416	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e38e42476884b6d870067230f9df285.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e38e42476884b6d870067230f9df285.dll,#1
  2⤵
  PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2244,i,11986678581565715302,451159359636456336,262144 --variations-seed-version /prefetch:8
1⤵
PID:4960