a408dc1f2089046c79dbde7a82c64b08935701796638d63edd17ffb6394e791f

Analysis

max time kernel
130s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 00:58

Target

a408dc1f2089046c79dbde7a82c64b08935701796638d63edd17ffb6394e791f.dll
Size

7KB
MD5

6637dbc4b1f9f9cf722a58c6a251d61a
SHA1

e6dbea1fbdefb1279720e28b6ec6eab6a362f496
SHA256

a408dc1f2089046c79dbde7a82c64b08935701796638d63edd17ffb6394e791f
SHA512

9af94726df176883af837a17a798c2517101feea82a18a162004099ab99803836ea61ef5654ec0d79a4e10e515a9916828b7b629058779a431f924e77458432a
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWIbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPiq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1576	1044	rundll32.exe	88
PID 1044 wrote to memory of 1576	1044	rundll32.exe	88
PID 1044 wrote to memory of 1576	1044	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a408dc1f2089046c79dbde7a82c64b08935701796638d63edd17ffb6394e791f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a408dc1f2089046c79dbde7a82c64b08935701796638d63edd17ffb6394e791f.dll,#1
  2⤵
  PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3476,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
1⤵
PID:1664