49bee1b16b4d90af83eaa48409495e5c9aee2e3bd16ce98b451f4bf4893773a4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 11:31

Target

bass.dll
Size

90KB
MD5

2936f245f64c2fd524d4f1457b4dd858
SHA1

f9dbef807b348492500fd4c195e3d55f09ff7453
SHA256

3f2dd502a60fa75ab4c9719113772e74e52c7e237c79266a763008c51c9487c3
SHA512

4ae95d3f57242c6f038243a3adbfa0bc153300aaeb0fb83de10031e725871b727986bf2beea3e3cd41be165f9fa57b730f1a15a9ecf8205a2099ba6d48690bd0
SSDEEP

1536:xH2W6JPTxkqAjoEIoFm6LNKI5PPft5jB3ySx8CLCZVLnu3BLidvkzhFwZD0zTgDn:cW+Tx4oEIx6LNVPf/jBCSxLeZ1uRLI1b

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28
PID 2784 wrote to memory of 2460	2784	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bass.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bass.dll,#1
  2⤵
  PID:2460

memory/2460-1-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/2460-0-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/2460-2-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download