a2a36451fe63feee1c348e9b72d7ac7f55c7bd4fe6a4bf0110f6d5440797539e | Triage

Analysis

max time kernel
118s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

assistBase.dll
Size

126KB
MD5

79fdc88a349263e2a7449c91cf898057
SHA1

a423b72774119f7b37d25f5d6f3f3efc5f578be1
SHA256

b8c2dbb63a418e4d508e3901fd930c12bf62b854bbbf68c4879f9498ef01d949
SHA512

31bcc5e5201dd804f13d5cb87ad8eee4ed2077b336e96a5e284c24ee5c033e709895d1116b8a543b73054de1aa52bd23335081b139addae795a63bbdfd190f65
SSDEEP

3072:9YHRIKPK6DytfqTjZP7LbleV6NSGD6JKnHahoEHy:9IOKy/qTjNleVCSVvo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2648	2688	rundll32.exe	28
PID 2688 wrote to memory of 2648	2688	rundll32.exe	28
PID 2688 wrote to memory of 2648	2688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\assistBase.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2688 -s 192
  2⤵
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads