108aa9991a89fc8d247de09dd7faa10f54dbff9438b7ebfa2ac142b2c3bfdd79

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 10:22

Target

108aa9991a89fc8d247de09dd7faa10f54dbff9438b7ebfa2ac142b2c3bfdd79.dll
Size

899KB
MD5

f96028473cd926836fc8c28537ff331c
SHA1

f579edf8a50aab5086e8e5ecf525d6fd77fab171
SHA256

108aa9991a89fc8d247de09dd7faa10f54dbff9438b7ebfa2ac142b2c3bfdd79
SHA512

8c26fcadffb159a09780a3574045b999a16fb4d17c6fd71aadede03e3f069ebcf678d22df523412e213cab7b4599dbffa04731ed1a7be599de9c77c2a3eeaa0e
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXm:7wqd87Vm

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4440	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 4440	3484	rundll32.exe	91
PID 3484 wrote to memory of 4440	3484	rundll32.exe	91
PID 3484 wrote to memory of 4440	3484	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\108aa9991a89fc8d247de09dd7faa10f54dbff9438b7ebfa2ac142b2c3bfdd79.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\108aa9991a89fc8d247de09dd7faa10f54dbff9438b7ebfa2ac142b2c3bfdd79.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:628