a089440515e7fa8248242ab2b778d98baa00e9017ef95c3c266b63d549284d41

Analysis

max time kernel
125s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 00:56

Target

a089440515e7fa8248242ab2b778d98baa00e9017ef95c3c266b63d549284d41.dll
Size

6KB
MD5

444883c83dac538168efd917db042f59
SHA1

f1d536f6e32ee5f82bb7fa5b027009d0337bc42c
SHA256

a089440515e7fa8248242ab2b778d98baa00e9017ef95c3c266b63d549284d41
SHA512

aa5f397ffd7c950da00c34c5be26e6ad068133461351ac71c84dfcc27beaf5a54ec0ba506a9e9bca7d9bac6226bb66a613f261fa623ce447419d7d0f5a1e1eaf
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0rB+BDq9J5SH:VDa9VUX9bQWLB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 3176	4920	rundll32.exe	89
PID 4920 wrote to memory of 3176	4920	rundll32.exe	89
PID 4920 wrote to memory of 3176	4920	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a089440515e7fa8248242ab2b778d98baa00e9017ef95c3c266b63d549284d41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a089440515e7fa8248242ab2b778d98baa00e9017ef95c3c266b63d549284d41.dll,#1
  2⤵
  PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4616,i,18261153038209191383,10347744459236715365,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
1⤵
PID:4592