3f04620d6627abe5c3b4747faf26603ab7a006c81b2021ab4689bdd7033bb4cd | Triage

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 12:11

Sharing

Report Analysis Logs

General

Target

bass.dll
Size

90KB
MD5

8f5b9b73d33e8c99202b5058cb6dce51
SHA1

102699b1dc7e03c9041115f5e3b178f1dab1a27a
SHA256

3f04620d6627abe5c3b4747faf26603ab7a006c81b2021ab4689bdd7033bb4cd
SHA512

89d830d1ed0c55882d1cc77d1a87b193cbffd8b96010d727fad6cd2668ee94c7acfb565ddb1be5b55c8caf9791947b62e8d87fa4896d98124ca2caae0053c9df
SSDEEP

1536:fq5gk9BPaPT8yWZv6UXq+BpSAaSv5vfwKaGorBWHiauTXJSJ:fq5r9BCPT8yZfKahrsiauTZo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 4336	1600	rundll32.exe	84
PID 1600 wrote to memory of 4336	1600	rundll32.exe	84
PID 1600 wrote to memory of 4336	1600	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bass.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bass.dll,#1
  2⤵
  PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4336-0-0x0000000011000000-0x0000000011055000-memory.dmp

Filesize
340KB

Download