31c68b706756abd0dc7d3018e61fa34d4201c41a63fd136e2f479e9a9c8f4892

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 17:08

Target

31c68b706756abd0dc7d3018e61fa34d4201c41a63fd136e2f479e9a9c8f4892.dll
Size

899KB
MD5

a4813387559724b7ebf085bf5b140579
SHA1

536f5ded2fde0b5526813d0987393750d3ed52b2
SHA256

31c68b706756abd0dc7d3018e61fa34d4201c41a63fd136e2f479e9a9c8f4892
SHA512

2ac929425e76df4d5e378a32f54642a24a6a606f456bd5c5251f0ce8a5f315fab3a8e13d221063affd93b81b83943f5c4d7f914975501f619676e90b0af251f9
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXF:7wqd87VF

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3324	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 3324	1184	rundll32.exe	90
PID 1184 wrote to memory of 3324	1184	rundll32.exe	90
PID 1184 wrote to memory of 3324	1184	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31c68b706756abd0dc7d3018e61fa34d4201c41a63fd136e2f479e9a9c8f4892.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31c68b706756abd0dc7d3018e61fa34d4201c41a63fd136e2f479e9a9c8f4892.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:1508