909df004857e854a646328179d73a9738eec6b2eb559be3b0cd8d3c53b3dd29a | Triage

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 05:06

Sharing

Report Analysis Logs

General

Target

Dyn/BSKiller.dll
Size

53KB
MD5

67c80097886db0d7e13b09760a3e8e4f
SHA1

99a70de657862faef6662996b21987737c0eef50
SHA256

1963ec17989095e76f3373df3047d760c2346818b7850221d168f58d398f7e15
SHA512

d8be7990e6f8ab2c19566c3ae42d56580124995a49d235be228f5d187a305d58e02a67e13404041f5ba11db049e8d8285a59960fe68247338c21c398071e50ae
SSDEEP

768:QskW3SdrTJQ3HP4tY2hmitjIFss2lTXnUAXHn4LZg:QsRS1TJwHKhTxZlTXnJXn4+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1364	2708	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2708	2824	rundll32.exe	88
PID 2824 wrote to memory of 2708	2824	rundll32.exe	88
PID 2824 wrote to memory of 2708	2824	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dyn\BSKiller.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dyn\BSKiller.dll,#1
  2⤵
  PID:2708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 600
    3⤵
    - Program crash
    PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2708 -ip 2708
1⤵
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads