1b0f7af6fcce2d15992cc843167ad3addbbe17ae55e9aec41b942b8dd78ac443

Analysis

max time kernel
139s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 04:08

Target

1b0f7af6fcce2d15992cc843167ad3addbbe17ae55e9aec41b942b8dd78ac443.dll
Size

81KB
MD5

93c16b5a14c00f3ac83a70bfea7daed0
SHA1

4320ed97db3c9160b0355ac41ede929003e245cd
SHA256

1b0f7af6fcce2d15992cc843167ad3addbbe17ae55e9aec41b942b8dd78ac443
SHA512

71f3e1d1c6f8d71f63db2b9ea11254e0257007ad629ba50f443a9ec5e010a69016c9cfb47740cba4fe0175992efeb2f405067f014b953833df0f35eea57f3823
SSDEEP

1536:+tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WG:+4v4JKXTx71w0ArSsXF3enq8WG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 4560	536	rundll32.exe	91
PID 536 wrote to memory of 4560	536	rundll32.exe	91
PID 536 wrote to memory of 4560	536	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0f7af6fcce2d15992cc843167ad3addbbe17ae55e9aec41b942b8dd78ac443.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0f7af6fcce2d15992cc843167ad3addbbe17ae55e9aec41b942b8dd78ac443.dll,#1
  2⤵
  PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4084 /prefetch:8
1⤵
PID:5104