deaffb8fb87d9d091a13d42e34b17e2ccebb4bdb857e42624b58f8eb54cc34f6 | Triage

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 20:49

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/bpcnrtp.dll
Size

166KB
MD5

250221a999b372a3d7318c388ad51fe2
SHA1

8fd2692d924b777e0146cfe4a57cfc03d07756f8
SHA256

433cd8268b8f94eb0393af2ab219ccc6b4cfe902d70e17a4d8d123582c156db2
SHA512

b38c368581231242f657c27394d28ddff12f347a81858228da23c19f797684a8d28fe3e0d0c0e853b3c6d719761974a309034db1db07451426b501d027edf3d9
SSDEEP

3072:GE3gR610d7qaSJ/mGvTVs9M4dC+LoU9+S/9s4aV8:r3gR6idfr2TEdC+Ld9Mm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	3260	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 3260	1872	rundll32.exe	83
PID 1872 wrote to memory of 3260	1872	rundll32.exe	83
PID 1872 wrote to memory of 3260	1872	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bpcnrtp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bpcnrtp.dll,#1
  2⤵
  PID:3260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 600
    3⤵
    - Program crash
    PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3260 -ip 3260
1⤵
PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads