27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547

Analysis

max time kernel
143s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 19:41

Target

27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll
Size

91KB
MD5

6729874f7e7b37ef66db7d7444274331
SHA1

3da6041299657e2f87ccb2092769ca031b94cdcf
SHA256

27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547
SHA512

5b5ee4d26fd7ac66b25f0149ff52543fc268a653f5d0ac7af63df270bfd571f988e7753ca6d4bc7ee088c44b417d447a0292c75b23b1eb6df0909b047d85c91c
SSDEEP

1536:58lKTTgvWNYkfhR7M2dQt9BAqWjJndYDuYSbxUNsWzcdlem+lAkTLx9noi7HxsAh:iKsWNYkfhR0t92vYSl7lem+lAkp9lao

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 3964	4248	rundll32.exe	91
PID 4248 wrote to memory of 3964	4248	rundll32.exe	91
PID 4248 wrote to memory of 3964	4248	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27cf61ac40901797fe9fea2b8ddf23e71d0703b7d2325675492b47b307b34547.dll,#1
  2⤵
  PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:1536