d01f6eea903f939d3e5f19f0f2c8c349ab8b3954b02c9935d56371260a265240

Analysis

max time kernel
114s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 02:46

Target

d01f6eea903f939d3e5f19f0f2c8c349ab8b3954b02c9935d56371260a265240.dll
Size

6KB
MD5

1b2b0b601da520740869490912838612
SHA1

77bd64f470f504dac3f0f6a093e8a4a90d9c6501
SHA256

d01f6eea903f939d3e5f19f0f2c8c349ab8b3954b02c9935d56371260a265240
SHA512

89a35f2d4bb902cef90bd7c053e304cb83eb0d3279d9ca6e75d4aa122f356ff91e03e9da5782e5fff3977f4434a0d48abc80d6929f4edd55da820159f6786cf0
SSDEEP

96:hy859x0P8MaWcs1ss+ccoh9T4sRsgMPDBee6sR1UkdqkJOlhahLcVlhLE:F5oLcccS9Tp6BBR6eozwLcVzL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3628	2296	rundll32.exe	90
PID 2296 wrote to memory of 3628	2296	rundll32.exe	90
PID 2296 wrote to memory of 3628	2296	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d01f6eea903f939d3e5f19f0f2c8c349ab8b3954b02c9935d56371260a265240.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d01f6eea903f939d3e5f19f0f2c8c349ab8b3954b02c9935d56371260a265240.dll,#1
  2⤵
  PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1668