f48a8599574f59e3edf9ee9c0f8a16608a90385d3678b9fa92797c127449e843

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 04:49

Target

f48a8599574f59e3edf9ee9c0f8a16608a90385d3678b9fa92797c127449e843.dll
Size

81KB
MD5

330e57597ccdbf6e39f012db3a8b9328
SHA1

f7a6017d61367d3bec4d371b5a27f14341f28ae2
SHA256

f48a8599574f59e3edf9ee9c0f8a16608a90385d3678b9fa92797c127449e843
SHA512

931054e4bd036a5bf5153f63ed85f0b10b7dea746117a9b880a065e88a4e87174860f0ee0edfe2fc8589fbe3a9364b57a8592c65568a4ae3ad0ff1b1da02d766
SSDEEP

1536:fc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Ga:0+5oxmqAiR8+/RBkez0U+R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 4960	4416	rundll32.exe	91
PID 4416 wrote to memory of 4960	4416	rundll32.exe	91
PID 4416 wrote to memory of 4960	4416	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48a8599574f59e3edf9ee9c0f8a16608a90385d3678b9fa92797c127449e843.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48a8599574f59e3edf9ee9c0f8a16608a90385d3678b9fa92797c127449e843.dll,#1
  2⤵
  PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:4724