5efee108d713a3298195f4abbe07bd239deabd09ade31d0de2aed4374cda0440

Analysis

max time kernel
139s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 12:22

Target

AuditNativeSnapIn.dll
Size

215KB
MD5

0c9823696d69e6bc2abdd00acc58d859
SHA1

61bad700743d4b3778f0ead17caa0fae5a0d7d98
SHA256

5efee108d713a3298195f4abbe07bd239deabd09ade31d0de2aed4374cda0440
SHA512

d907b8809bdba45224f8fdfa6d540429149893aca548b32514f520104adc9f5122222250e8d55d4e9aed69f0d05bc722eeb252d9d9680a58c3fb1daf4f61ec3d
SSDEEP

3072:kjgMT5VF1n9d7PxB3m10RgFz/4vB1Tn1m9d7PxB3m10RgFz/4vB1Tn1BN:kjgMFVF4LATn1VLATn1z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 440	1536	rundll32.exe	90
PID 1536 wrote to memory of 440	1536	rundll32.exe	90
PID 1536 wrote to memory of 440	1536	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AuditNativeSnapIn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AuditNativeSnapIn.dll,#1
  2⤵
  PID:440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3704,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:8
1⤵
PID:2184