19aa4045c76b1f5e1378f5246470858f3bbfef71937a93411a713e21f604b52e

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 04:42

Target

19aa4045c76b1f5e1378f5246470858f3bbfef71937a93411a713e21f604b52e.dll
Size

1016KB
MD5

bb196a6e551889942a03c97729fd24f2
SHA1

77b593cb5bbbae1c8ec8d9a191af939740de4c34
SHA256

19aa4045c76b1f5e1378f5246470858f3bbfef71937a93411a713e21f604b52e
SHA512

187912ee66c704ec5f33abfa5fdc5479789760f9f0e8ff2c33fefc653f2bbe5f4b4520f143702c4d933a8bb69355b12bbff45c1a3a4f37f28a5fd94d02c6f2a1
SSDEEP

12288:F/CufPplvMwQRocXdov5LUFnCkHwQevRPK31lNHoMJiZOwvbDnH09tWmg:FjplvMXRocXdu5TQevRPK31lN2VnH09a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2132	5008	rundll32.exe	91
PID 5008 wrote to memory of 2132	5008	rundll32.exe	91
PID 5008 wrote to memory of 2132	5008	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19aa4045c76b1f5e1378f5246470858f3bbfef71937a93411a713e21f604b52e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19aa4045c76b1f5e1378f5246470858f3bbfef71937a93411a713e21f604b52e.dll,#1
  2⤵
  PID:2132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3508