7e951c0dd64de0801dfa04720f50626215050333230402f94b5d213a653a61ad

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 19:18

Target

7e951c0dd64de0801dfa04720f50626215050333230402f94b5d213a653a61ad.dll
Size

50KB
MD5

4e4a3dda7f669f4955468ec67a119c2e
SHA1

64b2b20f7292564b78b9f10526b66db6f1d4a2cf
SHA256

7e951c0dd64de0801dfa04720f50626215050333230402f94b5d213a653a61ad
SHA512

2d410aef4fbc1eeb45ae9da42fa25998d358d8bc9e3d3d4c55f1926f58d3ac87660643aff9a1c5db83ad82a2cf8de3c50ef5215fb7f03c4f6e59cee0b290a08c
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5XJYH:W5ReWjTrW9rNPgYotJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

Processes:

rundll32.exe

pid process

1300 rundll32.exe

pid	process
1300	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3076 wrote to memory of 1300	3076	rundll32.exe	rundll32.exe
PID 3076 wrote to memory of 1300	3076	rundll32.exe	rundll32.exe
PID 3076 wrote to memory of 1300	3076	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e951c0dd64de0801dfa04720f50626215050333230402f94b5d213a653a61ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e951c0dd64de0801dfa04720f50626215050333230402f94b5d213a653a61ad.dll,#1
2⤵
- Suspicious behavior: RenamesItself
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:1376