c7a74e51044e62ab518f212afb21d7fbe6ad6cc428868ebb8729e754bd8b0b10

Analysis

max time kernel
108s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 05:25

Target

Wave/CefSharp.Core.Runtime.dll
Size

1.3MB
MD5

09cba584aa0aae9fc600745567393ef6
SHA1

bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279
SHA256

0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5
SHA512

5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1
SSDEEP

24576:5Ac2t6Twn/0ke6ruDPMY0BQJzTzAC991g44ekgpqc4CQKZi5P9xh0gsWLgiHesms:q6TmQJrXg44ekgpqc4CQKZi5P9xh0gsI

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2532	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 1956	2724	rundll32.exe	81
PID 2724 wrote to memory of 1956	2724	rundll32.exe	81
PID 2724 wrote to memory of 1956	2724	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wave\CefSharp.Core.Runtime.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wave\CefSharp.Core.Runtime.dll,#1
  2⤵
  PID:1956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2864

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1015d2fd919a3b62e193194c7bfafbef

SHA1
f7f3314dd817edcee90f87491f74825b197f476b

SHA256
990002e556b74d16e89d7f6c8be6ac5870e9be8b904ec52e87d92631fa09467b

SHA512
ffc7702179fb30851f4646f26a53e87c0215e320e117901c726a6294bf428540134e1fd14fce37a0b430e8379b4c56d6f57b582efff5654e2ed4624453762bea

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
710bfbb3733035e8ef5cc41f17e6ca18

SHA1
f8f6b808c86e76167597a40bf364e92e0adcf195

SHA256
92a6dab02ff468c00c1d32b27a27f241b223ea1974238adb24c015d0527e4c13

SHA512
71414895a7e2f543197003ea16e0e8c94e6a203e32874d81332ccf5fba775f18963575991bc03d373238e59761a535d8b00b64ce4b4c6038be3bc458a15f8e18

Download Submit