975e79555989459d18a325c062ab8c08c1073462cf138628b32b56b6e259fc09

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 06:43

Target

975e79555989459d18a325c062ab8c08c1073462cf138628b32b56b6e259fc09.dll
Size

899KB
MD5

dd736a02552b7f2affdfc9ad882d9d3c
SHA1

5b087dc51a860f69f53f1b82247fcac73a59496f
SHA256

975e79555989459d18a325c062ab8c08c1073462cf138628b32b56b6e259fc09
SHA512

403e231e464ad241f8c9aae4dbf56af6b93cdd0223b4eeb6b31e105e682d926b49436ef19c71c771a64416614d9deed2211de82861612c395c33386602313b3a
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXx:7wqd87Vx

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4812	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 4812	1904	rundll32.exe	90
PID 1904 wrote to memory of 4812	1904	rundll32.exe	90
PID 1904 wrote to memory of 4812	1904	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\975e79555989459d18a325c062ab8c08c1073462cf138628b32b56b6e259fc09.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\975e79555989459d18a325c062ab8c08c1073462cf138628b32b56b6e259fc09.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:3404