28228ebe316e451fa79dd45a70e96cb2dc7948f0940f34f15e43b17d0ac33934

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 19:49

Target

28228ebe316e451fa79dd45a70e96cb2dc7948f0940f34f15e43b17d0ac33934.dll
Size

5KB
MD5

7014a4b1a4dadaeead8f558f3654fb88
SHA1

24b106d4bd2f40659c6360c26b6b337a8caae16b
SHA256

28228ebe316e451fa79dd45a70e96cb2dc7948f0940f34f15e43b17d0ac33934
SHA512

808b07d90a24c2910dc86c373dbd346e9586596dc37b634b1f02cea04d294bb3ca6355250f0eb0a929b77f6278e2c0789b56b6cc1c0e25a06a6f20b691dabe06
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqsGPmpIk/7BRRePgfTmaY5vBCCJSVlJ8lil:hy859x0P8MafNk/lRR2gfaagiJbwZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 4416	3292	rundll32.exe	92
PID 3292 wrote to memory of 4416	3292	rundll32.exe	92
PID 3292 wrote to memory of 4416	3292	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28228ebe316e451fa79dd45a70e96cb2dc7948f0940f34f15e43b17d0ac33934.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28228ebe316e451fa79dd45a70e96cb2dc7948f0940f34f15e43b17d0ac33934.dll,#1
  2⤵
  PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3740 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:4732