01ce4268f1803125384f0b2d524ddcbee193add3cfa21b8e158ddacd7e11367e

Analysis

max time kernel
60s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2023, 12:11

Target

BitRAT Cracked [v6nom#8370]/data/tor/libevent-2-1-6.dll
Size

853KB
MD5

f690912e8b86ecc237287bbfa9f073c3
SHA1

3df729a3c7135f9d1f46b83c18258f0131a1e788
SHA256

60b6ceac938a821c47a5160c599fd50bc7451d42d7108960077a20dabfcadb9d
SHA512

3dc3b000a173458e839c5cf0d614830435e602f60824e850640ae1a4cfe7dda1a331c06147bf9c2c1932da545c47e78625b89883439b2f2cd4eb31b80a593fa1
SSDEEP

12288:/7bGb4bjbZb1b6lb2bxdRuh4v8HurEHYXYAKaKDWhXhUYV8g2AvL2Mwm:++dRquDXYAKaKShXhUYVMAvLVwm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 1324	3424	rundll32.exe	83
PID 3424 wrote to memory of 1324	3424	rundll32.exe	83
PID 3424 wrote to memory of 1324	3424	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\BitRAT Cracked [v6nom#8370]\data\tor\libevent-2-1-6.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\BitRAT Cracked [v6nom#8370]\data\tor\libevent-2-1-6.dll",#1
  2⤵
  PID:1324

memory/1324-133-0x0000000074FF0000-0x00000000750AF000-memory.dmp

Filesize
764KB

Download