5c64fdcac1a3f4c99f63fad8d7b9d85563fedb5caed5090a99e658e9483f181e

Analysis

max time kernel
125s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 22:03

Target

5c64fdcac1a3f4c99f63fad8d7b9d85563fedb5caed5090a99e658e9483f181e.dll
Size

5KB
MD5

7267f49145b9adc0038d953b3438b227
SHA1

68ad108df5dcf5e747e63b50cf4759a5074121d0
SHA256

5c64fdcac1a3f4c99f63fad8d7b9d85563fedb5caed5090a99e658e9483f181e
SHA512

377aa5e243ff2c935c13f764eaeb9fb65dc5506db55d663163de79042103efd33724a313c3585e49d6e389e0136bbb1ab56d3f2182ddf85aff2ca5d7158be8ff
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqZXUDfU+AJfcCgEKG/m0aTQNUMqJUFJ4LLx:hy859x0P8MaZXOiZKSmZTQjJ4VM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 1204	3552	rundll32.exe	90
PID 3552 wrote to memory of 1204	3552	rundll32.exe	90
PID 3552 wrote to memory of 1204	3552	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c64fdcac1a3f4c99f63fad8d7b9d85563fedb5caed5090a99e658e9483f181e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c64fdcac1a3f4c99f63fad8d7b9d85563fedb5caed5090a99e658e9483f181e.dll,#1
  2⤵
  PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3464,i,2857654520668216285,12206737327839963915,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
1⤵
PID:4604