13d02ec2a076ccfab11ec0f8aa828df4cb95ad33757d7405a043c60abef986c6

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 17:42

Target

$PLUGINSDIR/hhqqe.dll
Size

152KB
MD5

3a3506f522d0ee16b2c8a3d8e26cbed4
SHA1

c4d8b93116b966e0b4e313967e057d01dfaacee5
SHA256

711a82bdae65e2015eaa71dba09015a839660a665381e577701a2a0f6d47b3ae
SHA512

d86e99791427fe0fc174ff31139e5aba98e6ded8a1a4c9ac5460aac32b0c9a31c3046ac0820d3cfa9f17730c1b8cc335e448f46c7298ad42bb683f9c23d8e359
SSDEEP

1536:GNpt02q0vk31tn7XS/j2QOV/su0syBc0vifPKTPXOz4r6XJTm0mdA/xBc++X+RMl:GNEtwB8bHKjOsr6Zm0NcL+rG/ksMSg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 2236	4904	rundll32.exe	89
PID 4904 wrote to memory of 2236	4904	rundll32.exe	89
PID 4904 wrote to memory of 2236	4904	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hhqqe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hhqqe.dll,#1
  2⤵
  PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3800,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
1⤵
PID:2716