80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be

Analysis

max time kernel
133s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:40

Target

80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll
Size

327KB
MD5

6e697d51215a9f7e4a6e5062b9bb64a6
SHA1

622c78d4441a95ee2958ee0ee7a75886aa8e443d
SHA256

80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be
SHA512

0387843fad9985f7c0c455a5c76fa307a2e84b2470052863e270a021956a67d7954c80b0ed9c56e4d3e23e0d58da9c94512c1fa1c46f109aee8d18a4b1a03cf0
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4900 wrote to memory of 1848	4900	rundll32.exe	rundll32.exe
PID 4900 wrote to memory of 1848	4900	rundll32.exe	rundll32.exe
PID 4900 wrote to memory of 1848	4900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll,#1
2⤵
PID:1848