Analysis
max time kernel: 143s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/06/2024, 19:41
Static task
static1
Behavioral task
behavioral1
Sample
27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll
Resource
win10v2004-20240226-en
1 signatures
150 seconds
General
Target: 27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll
Size: 91KB
MD5: 6729874f7e7b37ef66db7d7444274331
SHA1: 3da6041299657e2f87ccb2092769ca031b94cdcf
SHA256: 27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547
SHA512: 5b5ee4d26fd7ac66b25f0149ff52543fc268a653f5d0ac7af63df270bfd571f988e7753ca6d4bc7ee088c44b417d447a0292c75b23b1eb6df0909b047d85c91c
SSDEEP: 1536:58lKTTgvWNYkfhR7M2dQt9BAqWjJndYDuYSbxUNsWzcdlem+lAkTLx9noi7HxsAh:iKsWNYkfhR0t92vYSl7lem+lAkp9lao
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4248 wrote to memory of 3964 | 4248 | rundll32.exe | 91
PID 4248 wrote to memory of 3964 | 4248 | rundll32.exe | 91
PID 4248 wrote to memory of 3964 | 4248 | rundll32.exe | 91
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4248
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll,#1
    PID: 3964
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
  PID: 1536