32d346d89b91d4bfb3a1a98c3734db97fe7e39d4fc7f4800d3be032088e46343 | Triage

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:37

Sharing

Report Analysis Logs

General

Target

bnbz.tk/xtw.dll
Size

38KB
MD5

142c04466044cb659d8f1923a353e298
SHA1

75a81be48452a4b1e45c9c7ef3fcd6c8c33bcd92
SHA256

3320e1068258b70b2e73dad96ce8b4cb2e079a6abaffa55c100294721f431c95
SHA512

e7adffba8b856e05127918f99cce5861a858f30efb76b683c228f98e864d60ae419f3998ea029f90262368e3d9b3e9f374bd7479a9ca72746fbb25e1b638ee58
SSDEEP

768:4a7f1AUgjqLedACpirEiMA85b6GmZR1jooYp8BXsAIc00D:j9RgjBACpirEiMuHFMEH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral8/memory/2208-0-0x0000000010000000-0x0000000010045000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2208	2840	rundll32.exe	87
PID 2840 wrote to memory of 2208	2840	rundll32.exe	87
PID 2840 wrote to memory of 2208	2840	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bnbz.tk\xtw.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bnbz.tk\xtw.dll,#1
  2⤵
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download