16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12

Analysis

max time kernel
133s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 18:58

Target

16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12.dll
Size

5KB
MD5

65a3d08f44ea492c2d17dec729cf3a54
SHA1

9a633cdc13efe5e7f03efd2073b2d8e9d85bf2ea
SHA256

16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12
SHA512

07aa3f0035d4267c9e07051e2c0f2cc80a4243e953545f32669773211d7d3ae5dee0799a05478bf89a35e1fbadbbe8ab4cd025c368cd203b769432eb6ac6d0b4
SSDEEP

48:SWkO0IoyTnXz+ihZjokV4e9dz3fXrm2gY1GYNqmG8DXpNLBazEn3:ZJTnXzvokp9dzDf1mAkzu3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 5088	2064	rundll32.exe	91
PID 2064 wrote to memory of 5088	2064	rundll32.exe	91
PID 2064 wrote to memory of 5088	2064	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\16ffac68cf60c4a2deb6cded256b7af908cc6370544ee9fb556a5301773dbe12.dll,#1
  2⤵
  PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4124,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
1⤵
PID:3636