Analysis
-
max time kernel
36s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-es -
resource tags
-
submitted
30-01-2023 13:18
General
-
Target
Baba Is You/steam_api.dll
-
Size
214KB
-
MD5
7b857c897bc69313e4936dc3dcce5193
-
SHA1
4ee43374520904fa6d80c12c273d67eb7b5c984e
-
SHA256
5b6ef90f822209180ed5cafecb90af849ee84bcf6281eeb21be2f89b3b5c89b6
-
SHA512
be6406cc367815cc7b813adef24e5ddad6c8244d4964bd37ed0656aaae404496f4f9e38968e9acba91bff1db171127126d8219ebea8757142ebac0c82a233573
-
SSDEEP
3072:b1FYvn1HLSVcDywesfpTjEWIrnhaIB1ScHEq+XpBqmylcICNCxPJwa8Eo/8:BqvnFYFzsfECqSpBpybCNuhGR/8
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Baba Is You\steam_api.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Baba Is You\steam_api.dll",#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 2243⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/944-56-0x0000000000000000-mapping.dmp
-
memory/1696-54-0x0000000000000000-mapping.dmp
-
memory/1696-55-0x0000000075361000-0x0000000075363000-memory.dmpFilesize
8KB