abdfa3e0641be0eff639a7f7566e0abd5bb8751dc0bc94075ddade90491728cc | Triage

Analysis

max time kernel
157s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 14:49

Sharing

Report Analysis Logs

General

Target

bindevt.dll
Size

448KB
MD5

1c38ab5732c1b905b52f78381f8f9fd3
SHA1

95b89aa88bc61631e06fb568f46c707fd5f4a8e0
SHA256

70f5d14cc4ed4e095c7b2bf97ba2cf82ddc07a0f682923d6c289da05cac57c69
SHA512

53c729f5b838ef7e44df333deb624191c50fd5a05b3c848fe0331a14eef6fa2d615f69605a3e85cc1f7ad25d3e9aeef09eca91c5bdda2b418851d13eb93d1b6c
SSDEEP

6144:7Lyto9KMLecTR/bsUpbm97VQ8873FKBkDORsnb6ZY2NPdHiVXj:7LKo9PLecFTsU9m9E73FSRsnb6R5Ij

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3172	3004	rundll32.exe	88
PID 3004 wrote to memory of 3172	3004	rundll32.exe	88
PID 3004 wrote to memory of 3172	3004	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
  2⤵
  PID:3172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads