8d456a49e6c1bb749ccdbf95503ce53b4984ce6dda19906af899383e532b621e

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 21:22

Target

8d456a49e6c1bb749ccdbf95503ce53b4984ce6dda19906af899383e532b621e.dll
Size

51KB
MD5

db823c73b2a85f8199917a4bdc4dacd0
SHA1

5b8ada9b6e91601775afcce3e5c34f82a76966d6
SHA256

8d456a49e6c1bb749ccdbf95503ce53b4984ce6dda19906af899383e532b621e
SHA512

9fa3145058fb133ed72adfce8d8314aec7dab94721ab3196a84cefc3cbb6224ad0eb303be19a6399d1e8b2b89feaa47f9162f109d19d38bc461eabc274a161c9
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLNJYH5:1dWubF3n9S91BF3fboRJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1656	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1656	1312	rundll32.exe	90
PID 1312 wrote to memory of 1656	1312	rundll32.exe	90
PID 1312 wrote to memory of 1656	1312	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d456a49e6c1bb749ccdbf95503ce53b4984ce6dda19906af899383e532b621e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d456a49e6c1bb749ccdbf95503ce53b4984ce6dda19906af899383e532b621e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:2384