Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-es
  • resource tags

    arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    22/02/2024, 20:50

General

  • Target

    $TEMP/bdfilters.dll

  • Size

    3.1MB

  • MD5

    ce7771d46984248bdda017f5c6f608f7

  • SHA1

    1dc0f86c9b4752463b59d5070f59f99f63cc5ee5

  • SHA256

    a8e95fede4a8df0bb8881d19f2d81fd87f37118c8e93004e0857cebb996f44a3

  • SHA512

    b1e267f91c05544b4a02e57601e021934ba884eebfc51277cefa917383a1c1ec85ddeb3b5f927885967e46a0cb97adceae81443a6423fbbc2a598e717d279fb3

  • SSDEEP

    98304:o69qYpGOg2/rPiYmjDBmmhjOF5oggxtaIrZfVvvv:oYqYpGOg2/rPiY9Evvv

Score
1/10

Malware Config

Signatures

  • Modifies registry class 28 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$TEMP\bdfilters.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$TEMP\bdfilters.dll
      2⤵
      • Modifies registry class
      PID:1772

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads