d80c8c78ac37a011c31b3640e0780a499d7e292af21fbbb4c94f544e2e40bcdb

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 01:50

Target

d80c8c78ac37a011c31b3640e0780a499d7e292af21fbbb4c94f544e2e40bcdb.dll
Size

34KB
MD5

0d54e1576d336cb80224ae3f4a3ea6c6
SHA1

577cad2e2e1bdde5d0430ac5ffbff95e384204b3
SHA256

d80c8c78ac37a011c31b3640e0780a499d7e292af21fbbb4c94f544e2e40bcdb
SHA512

55b653330561765c87df84c892da815f3aa13edcfeed021cfdaefa5afae234c996742d1053d8e1ef72e53a2fceb47272047c8a721b45d9cc56e7cdc5d34b90d0
SSDEEP

768:UbOhTLYMpXQ3T3YNrZr//7WvkZCOqhnPmRZhW:MOhTPN/Nr17WvHpORZs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 4900	4968	rundll32.exe	80
PID 4968 wrote to memory of 4900	4968	rundll32.exe	80
PID 4968 wrote to memory of 4900	4968	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d80c8c78ac37a011c31b3640e0780a499d7e292af21fbbb4c94f544e2e40bcdb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d80c8c78ac37a011c31b3640e0780a499d7e292af21fbbb4c94f544e2e40bcdb.dll,#1
  2⤵
  PID:4900