215ef28968577352696f08807d7e4f1690acb4fb5bab90818f4fe8f5fd6518f7

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 10:18

Target

215ef28968577352696f08807d7e4f1690acb4fb5bab90818f4fe8f5fd6518f7.dll
Size

51KB
MD5

5fede8c24d7d342f46c1ee52b34ec0b6
SHA1

05a63847455a27e6e390da5c833815a522ed70e2
SHA256

215ef28968577352696f08807d7e4f1690acb4fb5bab90818f4fe8f5fd6518f7
SHA512

aa856293cd216bc1f8f9fe43340224b6b3ada9b141cf0206bae4703561e6cf56852e1b26a2eb9026cead57c69897485f7e282d1248df6a0cd258a008468551cc
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL+8JYH5:1dWubF3n9S91BF3fbonJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2196	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2196	2112	rundll32.exe	91
PID 2112 wrote to memory of 2196	2112	rundll32.exe	91
PID 2112 wrote to memory of 2196	2112	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\215ef28968577352696f08807d7e4f1690acb4fb5bab90818f4fe8f5fd6518f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\215ef28968577352696f08807d7e4f1690acb4fb5bab90818f4fe8f5fd6518f7.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:2304