Overview

overview

4

Static

static

4

BINDInstall.exe

windows7-x64

1

BINDInstall.exe

windows10-2004-x64

1

Bv9ARM.ch01.html

windows7-x64

1

Bv9ARM.ch01.html

windows10-2004-x64

1

Bv9ARM.ch02.html

windows7-x64

1

Bv9ARM.ch02.html

windows10-2004-x64

1

Bv9ARM.ch03.html

windows7-x64

1

Bv9ARM.ch03.html

windows10-2004-x64

1

Bv9ARM.ch04.html

windows7-x64

1

Bv9ARM.ch04.html

windows10-2004-x64

1

Bv9ARM.ch05.html

windows7-x64

1

Bv9ARM.ch05.html

windows10-2004-x64

1

Bv9ARM.ch06.html

windows7-x64

1

Bv9ARM.ch06.html

windows10-2004-x64

1

Bv9ARM.ch07.html

windows7-x64

1

Bv9ARM.ch07.html

windows10-2004-x64

1

Bv9ARM.ch08.html

windows7-x64

1

Bv9ARM.ch08.html

windows10-2004-x64

1

Bv9ARM.ch09.html

windows7-x64

1

Bv9ARM.ch09.html

windows10-2004-x64

1

Bv9ARM.html

windows7-x64

1

Bv9ARM.html

windows10-2004-x64

1

Bv9ARM.pdf

windows7-x64

1

Bv9ARM.pdf

windows10-2004-x64

1

CHANGES.vbs

windows7-x64

1

CHANGES.vbs

windows10-2004-x64

1

bindevt.dll

windows7-x64

1

bindevt.dll

windows10-2004-x64

1

dig.exe

windows7-x64

1

dig.exe

windows10-2004-x64

1

dig.html

windows7-x64

1

dig.html

windows10-2004-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bindevt.dll

  • Size

    52KB

  • MD5

    f7b5f9b40126a0586dd6d341246a2b8e

  • SHA1

    0fc8461150d4a06f380df5b2c0e4d847e1b72edd

  • SHA256

    b60abf5a04da57c07a7e880e0fa6e9686afd25c03582ec7330f580de1a638191

  • SHA512

    4a83e762661d934f29e6207622818c76c8834136ef0f1738f938288cd15e996c0e499ff3f11d665e72ad309d82d7a09bc0dd4bd3bb4487fd064903a8db3a22c7

  • SSDEEP

    384:Jk9TQsp/0zj3OAPV78tt7l3d0TTwMsKm6jRQnX6MojQWSRkLc0RaPV+8r277eubs:JeTQsio0Zmj3WSRewPVpui/dVtDe

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:888
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
      2⤵
        PID:1804

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads