8bb79293e59e4fbd16f770848d90c6958c4f37b945e2c18d3739bbe7520f33a3

Analysis

max time kernel
233s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:08

Target

SDL.dll
Size

350KB
MD5

345ef7ef34b773ca7390a20f828bc377
SHA1

19166d50cf08bd6e229e34e0f9aee9c4d873522f
SHA256

13a0a706fecc447915f92bb3dfb6c891c0aaf9d9687d083a35e790855e23b90e
SHA512

501fb92b305d82beedfff383fea1437429806ffcecdcb29c65ba78711703036bb8938968e268898f019cbccdf0c8836c65b29e43d1a239c34a153e3e7f651779
SSDEEP

6144:YAlqituBKEAT0IIpcA+Q9uxolCkrmgAfIy6mvFyUUcb3yt0N7D8nmB2K4vIeEgA3:YAlqitiKEAgcA+Q9uxolCkagA96mYUjl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4752 wrote to memory of 1820	4752	rundll32.exe	rundll32.exe
PID 4752 wrote to memory of 1820	4752	rundll32.exe	rundll32.exe
PID 4752 wrote to memory of 1820	4752	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SDL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SDL.dll,#1
2⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:4484