e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 09:21

Target

e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll
Size

576KB
MD5

2216e2d977fccf09d938542a14c92345
SHA1

b4d4f7847afaaf23b58844fd7db3d759edda6b6f
SHA256

e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53
SHA512

b9d5f4549b89ba8ee7fbe5bf5f11c6d484d7fa7b483b7f10f86cd6c2bfa8c7b33538ca428597328706552c400f3913131bb4a277dbd66f00403680c9e11e8221
SSDEEP

12288:zldQzDwEGwWEcQQVqLVPf49HOTlctYWbdpZ:zldQzcwWEcQVPw9OTl4YWbx

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	3712	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3712	2428	rundll32.exe	90
PID 2428 wrote to memory of 3712	2428	rundll32.exe	90
PID 2428 wrote to memory of 3712	2428	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:1444