2694f6c7270ed4c0225815c2e1845d6af967742a72f640037cd60d8832814951

Analysis

max time kernel
137s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 13:46

Target

2694f6c7270ed4c0225815c2e1845d6af967742a72f640037cd60d8832814951.dll
Size

51KB
MD5

0e2c39c7a3ebddc7abdca1c1e5f10238
SHA1

712edcd0781aa3a07bb0d600aa65aaedb0afd93a
SHA256

2694f6c7270ed4c0225815c2e1845d6af967742a72f640037cd60d8832814951
SHA512

e0afee893c9817bd9ae640ae759ebb6132052b8a66dba47cea4486cda0ebcf07ca0200963178a0f85a046dd175a625d367b9ffc15c22ec69d7510bd3ed550941
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLkJYH5:1dWubF3n9S91BF3fboIJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4368	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 4368	5060	rundll32.exe	88
PID 5060 wrote to memory of 4368	5060	rundll32.exe	88
PID 5060 wrote to memory of 4368	5060	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2694f6c7270ed4c0225815c2e1845d6af967742a72f640037cd60d8832814951.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2694f6c7270ed4c0225815c2e1845d6af967742a72f640037cd60d8832814951.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1052,i,5838972776061051553,16186488414347324308,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
1⤵
PID:4404