Overview

overview

4

Static

static

4

BINDInstall.exe

windows7-x64

1

BINDInstall.exe

windows10-2004-x64

1

Bv9ARM.ch01.html

windows7-x64

1

Bv9ARM.ch01.html

windows10-2004-x64

1

Bv9ARM.ch02.html

windows7-x64

1

Bv9ARM.ch02.html

windows10-2004-x64

1

Bv9ARM.ch03.html

windows7-x64

1

Bv9ARM.ch03.html

windows10-2004-x64

1

Bv9ARM.ch04.html

windows7-x64

1

Bv9ARM.ch04.html

windows10-2004-x64

1

Bv9ARM.ch05.html

windows7-x64

1

Bv9ARM.ch05.html

windows10-2004-x64

1

Bv9ARM.ch06.html

windows7-x64

1

Bv9ARM.ch06.html

windows10-2004-x64

1

Bv9ARM.ch07.html

windows7-x64

1

Bv9ARM.ch07.html

windows10-2004-x64

1

Bv9ARM.ch08.html

windows7-x64

1

Bv9ARM.ch08.html

windows10-2004-x64

1

Bv9ARM.ch09.html

windows7-x64

1

Bv9ARM.ch09.html

windows10-2004-x64

1

Bv9ARM.html

windows7-x64

1

Bv9ARM.html

windows10-2004-x64

1

Bv9ARM.pdf

windows7-x64

1

Bv9ARM.pdf

windows10-2004-x64

1

CHANGES.ps1

windows7-x64

1

CHANGES.ps1

windows10-2004-x64

1

bindevt.dll

windows7-x64

1

bindevt.dll

windows10-2004-x64

1

dig.exe

windows7-x64

1

dig.exe

windows10-2004-x64

1

dig.html

windows7-x64

1

dig.html

windows10-2004-x64

1

Analysis

  • max time kernel
    232s
  • max time network
    219s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 14:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bindevt.dll

  • Size

    52KB

  • MD5

    c210a94a31767544ac5e89d59b797254

  • SHA1

    2b718bd5a022e899a9acdd51b86c131ea9bad83c

  • SHA256

    b905a18d36a88fc44a49bcc7b2d91391c1162aeda0981d91286aa89654977e1c

  • SHA512

    f8ff6a839763f49bb56b71bc516357c1a72d2bc4e7e5f9fabbdcddf08c8ab6562f7685a580e55f42bfe1ee861324802a3d4cec7ba19ccc176afc9f76329c763f

  • SSDEEP

    384:jKk9TQsp/0zj3OAPV78tt7l3d0TTwMsKm6jRQnX6MojQWSRkLc0RaPV+8r277eu:jKeTQsio0Zmj3WSRewPVpui/dVtDe

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
      2⤵
        PID:2224

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads