78aefd46d31f2bb67f0b9bd0d831f10f21bfd9d44b9deebcfa52c45e85a72473

Analysis

max time kernel
132s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 16:17

Target

salinewin/PayloadMBR/Programs/QEMU/SDL.dll
Size

1.0MB
MD5

cea03998e710dc5bfc4954cde440333d
SHA1

a6490955fa171fd85a6e64d06642e129493c7ba4
SHA256

0cce4795789a49c433d7f9d1ce7663f265f948f672ebde5fec41f2447fcd8741
SHA512

c2aa76413fa9526abad2a3a61f3d0595027df32bcb7e0005a654625a7c894f386563d277ccda89d6eb96fdb869d262252927cfdf764c26c2dfd5cc966d23cfa3
SSDEEP

12288:lFqs6ZgPvI6bw3uJwV/MRb2F6t1YAG7S86OIYO8iJghIQoXk6MEgw4u8XcQexssC:lFqs6gvIgoYSF6vE7CwoQ6LwUGdL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2692 wrote to memory of 1556	2692	rundll32.exe	rundll32.exe
PID 2692 wrote to memory of 1556	2692	rundll32.exe	rundll32.exe
PID 2692 wrote to memory of 1556	2692	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\salinewin\PayloadMBR\Programs\QEMU\SDL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\salinewin\PayloadMBR\Programs\QEMU\SDL.dll,#1
2⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4268,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
1⤵
PID:4240