95e0e934fa4af0126102b508db9a798a7f48316873b30e9549d6ba448220fcf4 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 14:03

Sharing

Report Analysis Logs

General

Target

bindevt.dll
Size

448KB
MD5

2fa6e542bb3ffd5cec7ce3c819e71147
SHA1

bb376a2dc4d151aa6134ab36291e634914239b4d
SHA256

8aa31342f9cf09edda7571486b86197c55ef577f72b7e2c205665e7ea5c6cc07
SHA512

4b07382ddca3f32a6736cfa10ffb6f94da9d6c6111e5a3e7e489625ee6aa3964485fe883e83a6c298fa164a73131a827c942dfc1141ba94dfd6bbf67e0782f65
SSDEEP

6144:KLyto9KMLecTR/bsUpbm97VQ8873FKBkDORsnb6ZYNNSdHiVXj:KLKo9PLecFTsU9m9E73FSRsnb6asIj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28
PID 2140 wrote to memory of 2324	2140	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
  2⤵
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads