c44506fe6e1ede5a104008755abf5b6ace51f1a84ad656a2dccc7f2c39c0eca2 | Triage

Resubmissions

19-07-2024 19:18

240719-x1c57azane 10

Analysis

max time kernel
133s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-07-2024 19:18

Sharing

Report Analysis Logs

General

Target

madbasic_.dll
Size

209KB
MD5

da03ebd2a8448f53d1bd9e16fc903168
SHA1

889b4f487d8bba6af6ff6eb7f5afd74957586c49
SHA256

d6d5ff8e9dc6d2b195a6715280c2f1ba471048a7ce68d256040672b801fda0ea
SHA512

0ddabef35bb786e29db15c1b85ac0dca740c0e8df133f67da0ea0ac3bcb3b0ee3f055bb348a4f6f32638f03ec1ad0fb1737d6c2928cb6e6e39e91567e27fade2
SSDEEP

6144:BN/IpSQxE6qeM/k4qTl5L5e5+53WCG1C8FKFlf1:2qeM/k4qR5L5e5+53WNYH1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 4552	2804	rundll32.exe	73
PID 2804 wrote to memory of 4552	2804	rundll32.exe	73
PID 2804 wrote to memory of 4552	2804	rundll32.exe	73

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\madbasic_.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\madbasic_.dll,#1
  2⤵
  PID:4552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4552-0-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/4552-1-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/4552-2-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download