268e2a6af5be69b550fbe4d4044a23b7cb97a9840d9b85cb14a0c144d15549f0

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 09:59

Target

268e2a6af5be69b550fbe4d4044a23b7cb97a9840d9b85cb14a0c144d15549f0.dll
Size

32KB
MD5

98dfe87e50ba000aace64a0e41e3996a
SHA1

f7304c6a6be6e49e3ece2fe6772a23abb161d0f3
SHA256

268e2a6af5be69b550fbe4d4044a23b7cb97a9840d9b85cb14a0c144d15549f0
SHA512

f66e1e7d19ce3fc8300267ba929dd1ed765674120f89db40ae3bd54cad2c26f98af0b6fa1dc4100f3fe2e671eb709569a821ccd7bec0ba0e7028fcf32faa99cf
SSDEEP

768:9Lx21pMwQD00RDYwP7oKMAKMApXny2csxTY:9LxwpMjD04cwPcKpAA2c8T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 2096	4752	rundll32.exe	91
PID 4752 wrote to memory of 2096	4752	rundll32.exe	91
PID 4752 wrote to memory of 2096	4752	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\268e2a6af5be69b550fbe4d4044a23b7cb97a9840d9b85cb14a0c144d15549f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\268e2a6af5be69b550fbe4d4044a23b7cb97a9840d9b85cb14a0c144d15549f0.dll,#1
  2⤵
  PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:3168