14ed02164277c97b5f0a39915dc1324ccdf5bd6c8eba462fda2ef8d8efdf4dfd | Triage

Analysis

max time kernel
140s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:31

Sharing

Report Analysis Logs

General

Target

BaseCode.dll
Size

421KB
MD5

0d0aa0b40d8e9d6e864d9ff8467e432e
SHA1

ec0e33d1ecc7687ac072be0b25d3e3615bc4cb55
SHA256

14ed02164277c97b5f0a39915dc1324ccdf5bd6c8eba462fda2ef8d8efdf4dfd
SHA512

0d6505905632aa1f4533a3a3d380299912023ebe176a4273afad609300c683563f6d8aa49ffa9764504c0610d674c662b4f9ebb1a07bb03e3fa50cc24eca9c1a
SSDEEP

12288:G9OLYIyGABbXRQSBuMtfqNUTrNMQ+Gr37QhLj:UOLYIyFBbXpUNUTrNMQ+Gr37QN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 3468	4984	rundll32.exe	83
PID 4984 wrote to memory of 3468	4984	rundll32.exe	83
PID 4984 wrote to memory of 3468	4984	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BaseCode.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\BaseCode.dll,#1
  2⤵
  PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads