88feaa6acdfd75de35b39c26b4f772f9f136ec0b9db74a3c7f4045653bda463b

Analysis

max time kernel
232s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240704-es
resource tags

arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
09/07/2024, 02:14

Target

ExitLag/api-ms-win-core-memory-l1-1-0.dll
Size

11KB
MD5

e6b729f719cae2e898f15c1bfd0f4c8f
SHA1

357943bb3f93f0619847b1410426ff89ad0f290f
SHA256

348651ca38e23022e86c2c6db3979321563d16fd68f4c3efc8166b4defba4b95
SHA512

610d062738e12d991261f0c220665bb7a52a65b9f5a8ab72eb2bc63d214f93d63e8f9728ae287fa18cb30e4c44bd948a8199ac1f802dd13a7fabfe2e4cb4ecfb
SSDEEP

192:sIRW+NhW0T71ojDBQABJwJUXqnajL1dHx3tKPDG1m:sIRW+NhWZDBRJJlXBtgR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 1056	3428	rundll32.exe	90
PID 3428 wrote to memory of 1056	3428	rundll32.exe	90
PID 3428 wrote to memory of 1056	3428	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ExitLag\api-ms-win-core-memory-l1-1-0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ExitLag\api-ms-win-core-memory-l1-1-0.dll,#1
  2⤵
  PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=4240,i,16137636041123227657,6836372490512237287,262144 --variations-seed-version --mojo-platform-channel-handle=1440 /prefetch:8
1⤵
PID:988