f2e2be15a72bae626425627bba35b279a8b9fae83b72f85a5d7df92ae43178bc

Analysis

max time kernel
140s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 14:54

Target

f2e2be15a72bae626425627bba35b279a8b9fae83b72f85a5d7df92ae43178bc.dll
Size

36KB
MD5

328264b248d7bc42cafc240e0a0a2c20
SHA1

1d94268b3c7532921c93dc83fca6d0ac21e96697
SHA256

f2e2be15a72bae626425627bba35b279a8b9fae83b72f85a5d7df92ae43178bc
SHA512

b47558b57f3462cce6bdb27ec14960eb89db3270fc802cc3c116e165475851a0d53c9f24c131cc35591e9c0f47248c20fa1154b51a01389910f97916332c8f6b
SSDEEP

768:B9aZ/adyHjt2hLFsTUOsk23NZdju/eEl:B+t2hLFsTUO0RuG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 3296	4780	rundll32.exe	94
PID 4780 wrote to memory of 3296	4780	rundll32.exe	94
PID 4780 wrote to memory of 3296	4780	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2e2be15a72bae626425627bba35b279a8b9fae83b72f85a5d7df92ae43178bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2e2be15a72bae626425627bba35b279a8b9fae83b72f85a5d7df92ae43178bc.dll,#1
  2⤵
  PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=3536,i,10914981530159316853,12381340356750224673,262144 --variations-seed-version /prefetch:8
1⤵
PID:2756