fafacce7fa391680564f1428e60e4f8dd10867f7769b6eac47041481f642a0fb

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 14:18

Target

fafacce7fa391680564f1428e60e4f8dd10867f7769b6eac47041481f642a0fb.dll
Size

255KB
MD5

f7af299f3f0916cc35f35925681a2fcd
SHA1

1533faea980a3824e81b14893d286ecef8027142
SHA256

fafacce7fa391680564f1428e60e4f8dd10867f7769b6eac47041481f642a0fb
SHA512

2c2de4711ed2af403efd287e7c07aa24d3922f1c52f5f77b5653d08ca9c1635f10da815ebfec70b95cd1fdee0250c8709a79d4142c724367c224092367c51fc5
SSDEEP

6144:6XP3ZmxcGko/C+s//TgBoFlPya7UrUWp7WI8gVBV+UdvrEFp7hKT:07qrUougVBjvrEH7I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 4112	468	rundll32.exe	92
PID 468 wrote to memory of 4112	468	rundll32.exe	92
PID 468 wrote to memory of 4112	468	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fafacce7fa391680564f1428e60e4f8dd10867f7769b6eac47041481f642a0fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fafacce7fa391680564f1428e60e4f8dd10867f7769b6eac47041481f642a0fb.dll,#1
  2⤵
  PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:3636