7d798cf3970eca4b32943c9205f626e68362ced9669b16956d16a04afe08b017

Analysis

max time kernel
143s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:32

Target

7d798cf3970eca4b32943c9205f626e68362ced9669b16956d16a04afe08b017.dll
Size

329KB
MD5

2e8e67581dbbd24dff96a52491cbc213
SHA1

3fa66eae88de95dc578a8816aae38f9651bc29ee
SHA256

7d798cf3970eca4b32943c9205f626e68362ced9669b16956d16a04afe08b017
SHA512

43c4ced46383962f5767b53fc6fa6a7be3da1df085b702c4bc852da2152cafdba780a96f9f25afce67d28c1ea1ddd30cb53e077ac18c30dc60d1fa6d5e7d5d86
SSDEEP

6144:RmWhxR1arY/PbgmFOabPIIBhJXAv7eTY9suz0xhttGSrDKE3KIvSka8bi:RmWTR1arYnEKosuzY34CZ3DvSkN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4224 wrote to memory of 1584	4224	rundll32.exe	rundll32.exe
PID 4224 wrote to memory of 1584	4224	rundll32.exe	rundll32.exe
PID 4224 wrote to memory of 1584	4224	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d798cf3970eca4b32943c9205f626e68362ced9669b16956d16a04afe08b017.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d798cf3970eca4b32943c9205f626e68362ced9669b16956d16a04afe08b017.dll,#1
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=1316 /prefetch:8
1⤵
PID:1780