eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 04:06

Target

eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175.dll
Size

262KB
MD5

b53cbe89c13dd860360eabd0b5424509
SHA1

6f1d45bc304d2e0a795e01a50085cd4f6d11fcb2
SHA256

eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175
SHA512

452607cf1bea2baab730baea7e55f2e9d35ef2d65d7d8ac4805ce7b3473eb450e3d4b9e979bc95f4a2dd796ee1ecf34b24ef31f6fc6d12648e94cfab96a40f70
SSDEEP

3072:ICw9AVKwGEOic8G7a7uIKtc/uBiXaSvTwxcQfGFTvDqwxoTO7zfF0HuYkV1SDYfW:KAbwm71Q4Ica6oTO7ziCd5yoeie3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 228	4868	rundll32.exe	90
PID 4868 wrote to memory of 228	4868	rundll32.exe	90
PID 4868 wrote to memory of 228	4868	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175.dll,#1
  2⤵
  PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:2372