9a2b92c57c1487870306f7d7b79e8fcd908a5260f1a64cfe601340d02ada4dd7 | Triage

Analysis

max time kernel
103s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2022, 17:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MusicTools/bass.dll
Size

110KB
MD5

8c0b4b16959bccf96205703eedb744e7
SHA1

a222a75919db9b73142799805a14945f9c17000e
SHA256

bd77fe9b4d2d0da7105d3f6705375da55e12c2cabc0428063c7c74ecf46d3a70
SHA512

88a176c413421bef5cf9a530bb484e8e4d0f8e11d9885186e06fa92b52cd63f399ee4f218eac1595c2b90663b687eac897626bbb31587a3fe5467ab6034bcae3
SSDEEP

3072:/n1c12QzN1wUhCsqnbb+x1gQQziXVZR+uYkVryhBI:NAwU6Hq1gQVVZAunIhBI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 3688	1624	rundll32.exe	82
PID 1624 wrote to memory of 3688	1624	rundll32.exe	82
PID 1624 wrote to memory of 3688	1624	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MusicTools\bass.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MusicTools\bass.dll,#1
  2⤵
  PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3688-133-0x0000000075150000-0x00000000751A1000-memory.dmp

Filesize
324KB

Download