03012f8ef39323cee77618eb60dc74a7ab5929577df138ec7344d0db4815adf0

Analysis

max time kernel
132s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 18:14

Target

03012f8ef39323cee77618eb60dc74a7ab5929577df138ec7344d0db4815adf0.dll
Size

908KB
MD5

5f9cc80371d64b242e69feb21220fb41
SHA1

3d4d789d4eb49ce552a4a70b9c6459836bbd4f97
SHA256

03012f8ef39323cee77618eb60dc74a7ab5929577df138ec7344d0db4815adf0
SHA512

ee6c69254f910ff1b74443045f69deed70726a27ace795820b6dff705e9b04969563499343e4dde715f7b424774d4203690b8eb1400bcefc5c534b82f587581f
SSDEEP

12288:6NMa1NHoWB15ehFGeg7gYtNH9O+JbbN/XGGjvsQh6bu0mKCrFSZnd:6iaPveLmcYtx0+1p+GjvsSV0mKkFSz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 2748	4712	rundll32.exe	90
PID 4712 wrote to memory of 2748	4712	rundll32.exe	90
PID 4712 wrote to memory of 2748	4712	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03012f8ef39323cee77618eb60dc74a7ab5929577df138ec7344d0db4815adf0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03012f8ef39323cee77618eb60dc74a7ab5929577df138ec7344d0db4815adf0.dll,#1
  2⤵
  PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3404,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
1⤵
PID:1912