abda2668ea65273fbf4e8430c80304fe8f1698e43eb1199d9a002fcdae7c35da | Triage

Analysis

max time kernel
139s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 14:24

Sharing

Report Analysis Logs

General

Target

BASS.dll
Size

90KB
MD5

d3dbc495e464c02ee1046f7b271fe402
SHA1

544a72bd04507dfede179440dcf1b72504c77323
SHA256

35cabf96dcf4d7c7384ff3096a871ffe9543edb6b61c474be432ba1c42dd9e4a
SHA512

f492e9db633b6c2edfcaba42a7dc820bf84f9baf8e3a9e637346af867ff28a00930f387dffd847128766fbc0d34ac6e0d7dce976e1a618d78d4ee6e90d978899
SSDEEP

1536:whswMp2OprjEA2M8NQNkBzlK5McX29Ak2N5Dbr70VhX6YVHshyc6BNagV9Wt:XjLPSQeBzlz+29wJMX60RBNjV9Q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 3784	3296	rundll32.exe	84
PID 3296 wrote to memory of 3784	3296	rundll32.exe	84
PID 3296 wrote to memory of 3784	3296	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BASS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\BASS.dll,#1
  2⤵
  PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3784-0-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download