cf2a957a97256eeb695ec60b01693b22ec82d913c9ea5e044ee7554d3f482a7f

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:04

Target

cf2a957a97256eeb695ec60b01693b22ec82d913c9ea5e044ee7554d3f482a7f.dll
Size

2.9MB
MD5

33c6ade8a1ee38221956ace2cd582334
SHA1

503a8dbc83d2dc51d084311ee9c3241528894f5d
SHA256

cf2a957a97256eeb695ec60b01693b22ec82d913c9ea5e044ee7554d3f482a7f
SHA512

c72220d7946fed58ab557173d1823aa614a5fbf2fe458b946ae020b8f12e1046b7ddfddbd1f56054ca3c78c5a90bf2dcf514787020d616eddd233d9e0ca4e8ce
SSDEEP

24576:V9Xu6xXTRNsn9+gS6uHk1U43yIkNcIN6FeNa6rMCoCv3dgpDIsVNloeON:fcLS6uH8Ucg20zrMAv3dgpkeO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3080 wrote to memory of 4452	3080	rundll32.exe	rundll32.exe
PID 3080 wrote to memory of 4452	3080	rundll32.exe	rundll32.exe
PID 3080 wrote to memory of 4452	3080	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf2a957a97256eeb695ec60b01693b22ec82d913c9ea5e044ee7554d3f482a7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf2a957a97256eeb695ec60b01693b22ec82d913c9ea5e044ee7554d3f482a7f.dll,#1
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1876 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:2480