065308e696cf3e97073c9875fd54344aca6ea9dd9d9af39587319c6f71f62beb | Triage

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-06-2023 02:31

Sharing

Report Analysis Logs

General

Target

ARK Survival Evolved/botva2.dll
Size

34KB
MD5

0ebd19796c55ac47b40efde9c802d645
SHA1

5b8177b60c39795315478c1a83c0b1f42a35e518
SHA256

4f820fb51bd31c754a1de8018f6c5038cc43aa6df58e76eb6357953d96435198
SHA512

7b20b0e9641291d5f7d5039a4c1d37e68f49fcaaecb3c0fa40385bcb1c1f79f04bf5eb2578f3255822a01eaab0117b73c9c195e87bd714a6d8e6618824a022a2
SSDEEP

768:poi9qZO9Q4rAJaIRtyoJodxKwZVE1kwIT2sP:pv9qZMQVrLBb2DP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28
PID 2036 wrote to memory of 1732	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ARK Survival Evolved\botva2.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ARK Survival Evolved\botva2.dll",#1
  2⤵
  PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-54-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download