52decca20b16b2882b72a85a2d86e721d3cd077ea7a0e2417407f073a90982e4

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 21:37

Target

52decca20b16b2882b72a85a2d86e721d3cd077ea7a0e2417407f073a90982e4.dll
Size

6KB
MD5

4b54b727097f7d9de160b20838f0bf6c
SHA1

f500c9c6a3e55b9c57e20ac3a68b4bca598518ca
SHA256

52decca20b16b2882b72a85a2d86e721d3cd077ea7a0e2417407f073a90982e4
SHA512

77a4fbb9d3bacb7ba0bb2b565352afd7d153421b0c1639030f203d13221b173da62697c2ef769e2327e2ac2f1709e7a6275be620f05ddfe48a0744224121574c
SSDEEP

96:z0QR9B6BvAwbZWxBvGt+2Ll0yBxgU5AhM9ndt6Fe2cZKZ:JR94/bZEBva+2LlAbM9dEX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 3652	1448	rundll32.exe	91
PID 1448 wrote to memory of 3652	1448	rundll32.exe	91
PID 1448 wrote to memory of 3652	1448	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52decca20b16b2882b72a85a2d86e721d3cd077ea7a0e2417407f073a90982e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52decca20b16b2882b72a85a2d86e721d3cd077ea7a0e2417407f073a90982e4.dll,#1
  2⤵
  PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4064 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:2400