75bc63f3cf5d9641a9334ad6444406cf2480bdb00ecf22a98027b916afd6c31d

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 23:08

Target

75bc63f3cf5d9641a9334ad6444406cf2480bdb00ecf22a98027b916afd6c31d.dll
Size

5KB
MD5

b5e5e30eeae0cfc343d923a7404a07fa
SHA1

6cb8077edc69206376793085a0b73c0f4d5a6a96
SHA256

75bc63f3cf5d9641a9334ad6444406cf2480bdb00ecf22a98027b916afd6c31d
SHA512

ebd07dc98129094ca28ad3e983a92a24c819a0401f22dfaeb9ee944f3120f4e147085a5549b42f5c9cfdd549331572fd6c36fe59a89c937707f8baab5da8ffae
SSDEEP

96:hy859x0P8MayeP7LOF9+JFv6Y2bZ0GER:F5oLn+mF8gMR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 3148	372	rundll32.exe	91
PID 372 wrote to memory of 3148	372	rundll32.exe	91
PID 372 wrote to memory of 3148	372	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75bc63f3cf5d9641a9334ad6444406cf2480bdb00ecf22a98027b916afd6c31d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75bc63f3cf5d9641a9334ad6444406cf2480bdb00ecf22a98027b916afd6c31d.dll,#1
  2⤵
  PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:2052