8053c0556fc2792699b53830ac96a5b86801260fd9f9081230c3fe7468552b17

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:08

Target

ContactApis.dll
Size

870KB
MD5

b10941ad69c2b2ab8a9b88dda475a674
SHA1

a3ad2671f4169db7e87b218528246cd947963606
SHA256

8053c0556fc2792699b53830ac96a5b86801260fd9f9081230c3fe7468552b17
SHA512

2ac5902a25becd51f520b3a7cc935444bd4d927952dedaf47dec0797250af8536439be6e20ca7dce58bdd62db74203852280cba17b9b842661e3a4de02336a58
SSDEEP

12288:mWrBR6/026T3YMHvTFgoUcLVCaFAC+dox55WRBh7SRn7bvCIDh/U+e+1QSJDqOXd:D0/026TVHbFjU45QHaPCIe+eWQSJDqE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4744	4664	rundll32.exe	91
PID 4664 wrote to memory of 4744	4664	rundll32.exe	91
PID 4664 wrote to memory of 4744	4664	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ContactApis.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ContactApis.dll,#1
  2⤵
  PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:1440