3529b60e422bf13ed9c2b5b6d6e0bc169ea9ca659b864d999e82963fd975f1d0

Analysis

max time kernel
129s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 16:04

Target

d3dx9_43.dll
Size

1.9MB
MD5

769214ca918382119fc866596400ee20
SHA1

c0d84974856a6de3abc60da2b99653a0c1d757e1
SHA256

3ab337b51f1411fec58775da5099ce56e1e9ea542214f7192cd98e1d0a281987
SHA512

90fe25cc84033f32e47a2662ed2732dd92a9fd0bc25f458d145a1a01bfa6bf27725c9033286971c28f63d2ebaba016a7be1a87dbde59051a447fdeae63bcbb27
SSDEEP

24576:z4ZU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBQ:zZ66l2u45BiNYFrz31Cv3D29kd6kkQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 2184	4264	rundll32.exe	90
PID 4264 wrote to memory of 2184	4264	rundll32.exe	90
PID 4264 wrote to memory of 2184	4264	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dx9_43.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dx9_43.dll,#1
  2⤵
  PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3988,i,7761714625659357865,10802238739796857379,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:8
1⤵
PID:1512