50c86b184a26ad92e71be89b2ae8626802457e5e4ac577e8ef7a7b74e52bc0d8

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:36

Target

50c86b184a26ad92e71be89b2ae8626802457e5e4ac577e8ef7a7b74e52bc0d8.dll
Size

327KB
MD5

c5f175896b8c15aace8754a7fc6c73ce
SHA1

fef09a6bafdd11fc97aa86dd2d0ab1b85049e8ab
SHA256

50c86b184a26ad92e71be89b2ae8626802457e5e4ac577e8ef7a7b74e52bc0d8
SHA512

985ba26a8b4ce5628b76988efe2587f8b69b0034c44f1dc0b29d46b96aa037c5efeb7fd618591d9629c6aec2bff57960556534e27e4bdcb5773cc7caf872d5e2
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4076 wrote to memory of 4740	4076	rundll32.exe	rundll32.exe
PID 4076 wrote to memory of 4740	4076	rundll32.exe	rundll32.exe
PID 4076 wrote to memory of 4740	4076	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50c86b184a26ad92e71be89b2ae8626802457e5e4ac577e8ef7a7b74e52bc0d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50c86b184a26ad92e71be89b2ae8626802457e5e4ac577e8ef7a7b74e52bc0d8.dll,#1
  2⤵
  PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:1440