d47415a61a7ecb7cc5979713aa9c8741d487c6de13715a3348e477de0072e401

Analysis

max time kernel
135s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 12:18

Target

MSWebp.dll
Size

27KB
MD5

b34ef82a6f065b9d343261b97c0d1f6b
SHA1

6068125a7e618c317eefb9abb782b32b3acd9389
SHA256

d47415a61a7ecb7cc5979713aa9c8741d487c6de13715a3348e477de0072e401
SHA512

0f8ee20f3fb2f2f66bc3c59623d86ece6bef51a682dc38c64288aa479f3ba779cfe1bc3af52ccb9165f9b21f26b7827c45ca520a1f96aa0baa45c154a0f092ae
SSDEEP

384:vvF11ey+r5vSM0e+XXw4lvdMRrpZA9e+4RZrsbO+ghhKWgLjgpFE83LWpHWUNUr:v/Or5KM0eaXjl4AGHi6MZ83Knmr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 2012	4280	rundll32.exe	90
PID 4280 wrote to memory of 2012	4280	rundll32.exe	90
PID 4280 wrote to memory of 2012	4280	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MSWebp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MSWebp.dll,#1
  2⤵
  PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4376,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
1⤵
PID:4492