Overview

overview

3

Static

static

3

BINDInstall.exe

windows7-x64

1

BINDInstall.exe

windows10-2004-x64

1

arpaname.exe

windows7-x64

arpaname.exe

windows10-2004-x64

bindevt.dll

windows7-x64

1

bindevt.dll

windows10-2004-x64

1

ddns-confgen.exe

windows7-x64

ddns-confgen.exe

windows10-2004-x64

dig.exe

windows7-x64

dig.exe

windows10-2004-x64

dnssec-dsfromkey.exe

windows7-x64

dnssec-dsfromkey.exe

windows10-2004-x64

dnssec-key...el.exe

windows7-x64

dnssec-key...el.exe

windows10-2004-x64

dnssec-keygen.exe

windows7-x64

dnssec-keygen.exe

windows10-2004-x64

dnssec-revoke.exe

windows7-x64

dnssec-revoke.exe

windows10-2004-x64

dnssec-settime.exe

windows7-x64

dnssec-settime.exe

windows10-2004-x64

dnssec-signzone.exe

windows7-x64

dnssec-signzone.exe

windows10-2004-x64

genrandom.exe

windows7-x64

genrandom.exe

windows10-2004-x64

host.exe

windows7-x64

host.exe

windows10-2004-x64

isc-hmac-fixup.exe

windows7-x64

isc-hmac-fixup.exe

windows10-2004-x64

libbind9.dll

windows7-x64

1

libbind9.dll

windows10-2004-x64

1

libdns.dll

windows7-x64

1

libdns.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    207s
  • max time network
    372s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2023 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bindevt.dll

  • Size

    448KB

  • MD5

    3368bf6088802a6fe4a74dd7a1bb39d9

  • SHA1

    5681cf96686125308bafa1396e7fee6aec225504

  • SHA256

    fe254dc5a4e025a0d7d95844dd452ac9c3cbbe78edfd8a4cd12d7331dd5567c4

  • SHA512

    a29a89f98ee2df04a71cb204bcc0e75ef3890e3c45dfe691f0295a9aefaeee50f1802776bb5e7c6e843d1cfe87a242eab067d107323a650d5bbe1050ad9bb308

  • SSDEEP

    6144:rLyto9KMLecTR/bsUpbm97VQ8873FKBkDORsnb6ZYkN2dHiVXj:rLKo9PLecFTsU9m9E73FSRsnb6P8Ij

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
      2⤵
        PID:3948

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads