38475200900ca15e9cc6139a0f5d413d4c7c79ea0c6f2c5471f98916203a32db | Triage

Analysis

max time kernel
139s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:20

Sharing

Report Analysis Logs

General

Target

AppxAllUserStore.dll
Size

287KB
MD5

e941fe4d00071a8973788b10f8c794fe
SHA1

19e92e598aa249f357dc05f772518c8a2bb9f6f1
SHA256

38475200900ca15e9cc6139a0f5d413d4c7c79ea0c6f2c5471f98916203a32db
SHA512

5ff5896172b4fc38492867a45dabe2e8e2ebe90c103ec552f0ca2686a310ece2b769508f09503d973478ef32808a395f07cacee0903bc81aefe3725c2a3d966c
SSDEEP

6144:oXfkmiwHA57BO8FQsUZOi5WRL1vUyzaSIRQaJM:Gg3O8BQWRL1vxzaXQaJM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 3260	4820	rundll32.exe	90
PID 4820 wrote to memory of 3260	4820	rundll32.exe	90
PID 4820 wrote to memory of 3260	4820	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppxAllUserStore.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppxAllUserStore.dll,#1
  2⤵
  PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4436,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
1⤵
PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads