5b5d28d29b8534a96fd7f3d780b3ffca0ec521cbf9c84821fe2c02ed6966885a

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:47

Target

5b5d28d29b8534a96fd7f3d780b3ffca0ec521cbf9c84821fe2c02ed6966885a.dll
Size

6KB
MD5

865d2d5f5593f7dea5ce804180867200
SHA1

e49f4f6eb101e4db653be20aaf1922ce2b2015bd
SHA256

5b5d28d29b8534a96fd7f3d780b3ffca0ec521cbf9c84821fe2c02ed6966885a
SHA512

e785db9de8bc8013b6cdcc2b6c848e9f504750c4f8570ac2515863d51a1beb041bd84dfbf51751ff0c4415e80c61cbaadcf5c91ec2487915a9fbcb126ed68043
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0CB+BDq9J5SH:VDa9VUX9bQWiB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3264 wrote to memory of 2380	3264	rundll32.exe	rundll32.exe
PID 3264 wrote to memory of 2380	3264	rundll32.exe	rundll32.exe
PID 3264 wrote to memory of 2380	3264	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b5d28d29b8534a96fd7f3d780b3ffca0ec521cbf9c84821fe2c02ed6966885a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b5d28d29b8534a96fd7f3d780b3ffca0ec521cbf9c84821fe2c02ed6966885a.dll,#1
  2⤵
  PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3140