76a02ed5525d33494d56e6dcb076b36cb5d4b540135a2b0fd03fd808574a1fbe

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 13:53

Target

76a02ed5525d33494d56e6dcb076b36cb5d4b540135a2b0fd03fd808574a1fbe.dll
Size

2.0MB
MD5

c9f5da1769027fd5995b35e57e848218
SHA1

5e6b8cbb7cbd61560e1c9be3da6a763347bc560b
SHA256

76a02ed5525d33494d56e6dcb076b36cb5d4b540135a2b0fd03fd808574a1fbe
SHA512

718412b8f27f452b97d7912d8f839bcaba0c62ebab4934e466e7b56e53e213279e9871a94208accc72e70824299a5604ad85509a858834aec65db6880dac547e
SSDEEP

49152:NidGTn3ngHPqA4vy1WDM0CEzoTNUitBNOLQz:NidS33A51WD9HLo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 2636	648	rundll32.exe	90
PID 648 wrote to memory of 2636	648	rundll32.exe	90
PID 648 wrote to memory of 2636	648	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76a02ed5525d33494d56e6dcb076b36cb5d4b540135a2b0fd03fd808574a1fbe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76a02ed5525d33494d56e6dcb076b36cb5d4b540135a2b0fd03fd808574a1fbe.dll,#1
  2⤵
  PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:4876