afaa8a729955493cbe50a2faba52c79c0f028a5e0b522f13ca3807be71d0c808

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 03:43

Target

basswma.dll
Size

17KB
MD5

7b52be6d702aa590db57a0e135f81c45
SHA1

518fb84c77e547dd73c335d2090a35537111f837
SHA256

9b5a8b323d2d1209a5696eaf521669886f028ce1ecdbb49d1610c09a22746330
SHA512

79c1959a689bdc29b63ca771f7e1ab6ff960552cadf0644a7c25c31775fe3458884821a0130b1bab425c3b41f1c680d4776dd5311ce3939775a39143c873a6fe
SSDEEP

384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28
PID 2188 wrote to memory of 2204	2188	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\basswma.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\basswma.dll,#1
  2⤵
  PID:2204

memory/2204-0-0x0000000010100000-0x000000001010B000-memory.dmp

Filesize
44KB

Download
memory/2204-1-0x0000000010100000-0x000000001010B000-memory.dmp

Filesize
44KB

Download
memory/2204-2-0x0000000011000000-0x0000000011063000-memory.dmp

Filesize
396KB

Download
memory/2204-3-0x0000000011000000-0x0000000011063000-memory.dmp

Filesize
396KB

Download
memory/2204-4-0x0000000011000000-0x0000000011063000-memory.dmp

Filesize
396KB

Download