Overview
overview
3Static
static
3BINDInstall.exe
windows7-x64
1BINDInstall.exe
windows10-2004-x64
1arpaname.exe
windows7-x64
arpaname.exe
windows10-2004-x64
bindevt.dll
windows7-x64
1bindevt.dll
windows10-2004-x64
1ddns-confgen.exe
windows7-x64
ddns-confgen.exe
windows10-2004-x64
dig.exe
windows7-x64
dig.exe
windows10-2004-x64
dnssec-dsfromkey.exe
windows7-x64
dnssec-dsfromkey.exe
windows10-2004-x64
dnssec-key...el.exe
windows7-x64
dnssec-key...el.exe
windows10-2004-x64
dnssec-keygen.exe
windows7-x64
dnssec-keygen.exe
windows10-2004-x64
dnssec-revoke.exe
windows7-x64
dnssec-revoke.exe
windows10-2004-x64
dnssec-settime.exe
windows7-x64
dnssec-settime.exe
windows10-2004-x64
dnssec-signzone.exe
windows7-x64
dnssec-signzone.exe
windows10-2004-x64
genrandom.exe
windows7-x64
genrandom.exe
windows10-2004-x64
host.exe
windows7-x64
host.exe
windows10-2004-x64
isc-hmac-fixup.exe
windows7-x64
isc-hmac-fixup.exe
windows10-2004-x64
libbind9.dll
windows7-x64
1libbind9.dll
windows10-2004-x64
1libdns.dll
windows7-x64
1libdns.dll
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
07-11-2023 13:56
Static task
static1
Behavioral task
behavioral1
Sample
BINDInstall.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral2
Sample
BINDInstall.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
arpaname.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral4
Sample
arpaname.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
bindevt.dll
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral6
Sample
bindevt.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
ddns-confgen.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral8
Sample
ddns-confgen.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
dig.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral10
Sample
dig.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
dnssec-dsfromkey.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral12
Sample
dnssec-dsfromkey.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
dnssec-keyfromlabel.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral14
Sample
dnssec-keyfromlabel.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
dnssec-keygen.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral16
Sample
dnssec-keygen.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
dnssec-revoke.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral18
Sample
dnssec-revoke.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
dnssec-settime.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral20
Sample
dnssec-settime.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
dnssec-signzone.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral22
Sample
dnssec-signzone.exe
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
genrandom.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral24
Sample
genrandom.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
host.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral26
Sample
host.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
isc-hmac-fixup.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral28
Sample
isc-hmac-fixup.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
libbind9.dll
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral30
Sample
libbind9.dll
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
libdns.dll
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral32
Sample
libdns.dll
Resource
win10v2004-20231025-en
windows10-2004-x64
General
-
Target
bindevt.dll
-
Size
448KB
-
MD5
fee4f99357b8415fd9c00779e0e020e1
-
SHA1
a6e6d34179424219b3235c29b5ce2d3d59c17766
-
SHA256
6dc0c448fa837b5daa1e9ba1039b1f00dd6afe7dc7628521153ff8d91d50081f
-
SHA512
87d1f217ced4a9861b2e2ba57272b99694c29de62dc5d2b3efb30ef70fe9988fc55990f16ec7149e3cb702ee6ca842191744524e483c1ffc0b5b4094f839dc16
-
SSDEEP
6144:zLyto9KMLecTR/bsUpbm97VQ8873FKBkDORsnb6ZYJN4dHiVXj:zLKo9PLecFTsU9m9E73FSRsnb62mIj
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2796 wrote to memory of 1580 2796 rundll32.exe 28 PID 2796 wrote to memory of 1580 2796 rundll32.exe 28 PID 2796 wrote to memory of 1580 2796 rundll32.exe 28 PID 2796 wrote to memory of 1580 2796 rundll32.exe 28 PID 2796 wrote to memory of 1580 2796 rundll32.exe 28 PID 2796 wrote to memory of 1580 2796 rundll32.exe 28 PID 2796 wrote to memory of 1580 2796 rundll32.exe 28