fb04ccfa7a112c95a47a95aa7c37b8c0718be2d7003bed00eaad35c72c74fbaf

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 04:35

Target

fb04ccfa7a112c95a47a95aa7c37b8c0718be2d7003bed00eaad35c72c74fbaf.dll
Size

5KB
MD5

426c45f40f65c8e292035ce2ef1f589c
SHA1

c3351742fa4eb1bd6f33b68d81fea68139c362a2
SHA256

fb04ccfa7a112c95a47a95aa7c37b8c0718be2d7003bed00eaad35c72c74fbaf
SHA512

b0004011f55523a0d9d4ebef99f772ec0500633bb79fcbc537597f99ca69bc46c82b380b569d3f45bc6e120a36adc41f6c3af6b28e3bd482ea07424e114f7b4b
SSDEEP

96:hy859x0P8MaYUmq4eopvrzrh/VGrXb4J1Qt:F5oLvCopDHh/VokTQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 3292	5088	rundll32.exe	92
PID 5088 wrote to memory of 3292	5088	rundll32.exe	92
PID 5088 wrote to memory of 3292	5088	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb04ccfa7a112c95a47a95aa7c37b8c0718be2d7003bed00eaad35c72c74fbaf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb04ccfa7a112c95a47a95aa7c37b8c0718be2d7003bed00eaad35c72c74fbaf.dll,#1
  2⤵
  PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3460 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:4312