665d72000229471d9120849380704347549cc4f58c05f7547251e3798dd3984e

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:53

Target

665d72000229471d9120849380704347549cc4f58c05f7547251e3798dd3984e.dll
Size

81KB
MD5

dfae59c1566c935feeb18da9de31b970
SHA1

8521e9d47c79642399e02aa7e0f395f0244292a7
SHA256

665d72000229471d9120849380704347549cc4f58c05f7547251e3798dd3984e
SHA512

eb1e31eb88958b43122f3da6708d6948ec5c3dc244096e4c8fc17d2409abf5327040305c609fdb012f6b5a4c5e8997dea54c93a91d5e531cdf89b41313653f6d
SSDEEP

1536:2tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wh:24v4JKXTx71w0ArSsXF3enq8Wh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2360 wrote to memory of 4820	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 4820	2360	rundll32.exe	rundll32.exe
PID 2360 wrote to memory of 4820	2360	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\665d72000229471d9120849380704347549cc4f58c05f7547251e3798dd3984e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2360

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\665d72000229471d9120849380704347549cc4f58c05f7547251e3798dd3984e.dll,#1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1712 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:404