8aaeae8ec5fedb1c4b57b6de382e89238da07a462ecfe5b941f507709edccf18

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 13:23

Target

8aaeae8ec5fedb1c4b57b6de382e89238da07a462ecfe5b941f507709edccf18.dll
Size

51KB
MD5

33990bc582ba37cbe92091c637780dfb
SHA1

c33d68341d8fce0c395e4647fc427369a921f2a2
SHA256

8aaeae8ec5fedb1c4b57b6de382e89238da07a462ecfe5b941f507709edccf18
SHA512

b2d88be81c8ae72c3c614eab45cd09fbf611ea55184293144dea842f01dcb8c7866d034e5c36d3368ae21fa505fdbeb2974f716bc09bd6ebbed0363f48726cea
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLYJYH5:1dWubF3n9S91BF3fboMJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4656	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4656	4888	rundll32.exe	91
PID 4888 wrote to memory of 4656	4888	rundll32.exe	91
PID 4888 wrote to memory of 4656	4888	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8aaeae8ec5fedb1c4b57b6de382e89238da07a462ecfe5b941f507709edccf18.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8aaeae8ec5fedb1c4b57b6de382e89238da07a462ecfe5b941f507709edccf18.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4340 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:4728