e2f2ec9d680a6d3630bf7e2dd223836b5c4fdba8b95249047445f2469c005174

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 04:30

Target

e2f2ec9d680a6d3630bf7e2dd223836b5c4fdba8b95249047445f2469c005174.dll
Size

81KB
MD5

cc95ce85b608a08baaca154503a6739e
SHA1

35061db16c2accf7bb4262635a75fbb7d8307d6b
SHA256

e2f2ec9d680a6d3630bf7e2dd223836b5c4fdba8b95249047445f2469c005174
SHA512

63f9a0adb793c1a98f1e807d0409a068d206e7f23ceacc6dd462254e755efaa9be2cbbe76af865a9d9f578d2fa8e68eb2f02b67f257fd56df08df948f6cd7059
SSDEEP

1536:utByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W7:u4v4JKXTx71w0ArSsXF3enq8W7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 2980	3352	rundll32.exe	91
PID 3352 wrote to memory of 2980	3352	rundll32.exe	91
PID 3352 wrote to memory of 2980	3352	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2f2ec9d680a6d3630bf7e2dd223836b5c4fdba8b95249047445f2469c005174.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2f2ec9d680a6d3630bf7e2dd223836b5c4fdba8b95249047445f2469c005174.dll,#1
  2⤵
  PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:2528