d8e220f8221409c3d3943c555c4f8325b57427defbf832cfbe4c7417dc74f19f | Triage

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 22:59

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/BDMDownload.dll
Size

158KB
MD5

d184763cb4e62d531193978de7b82db2
SHA1

f4824e6e58f50b1fd89396afa17d0f97d86895f7
SHA256

63a233664064e22fd3260e4dc06293b8fa724e62071ad1cf8af9a4bb453e1dea
SHA512

25bb657827c1c4ce410346e11e60fe954f62100731bd730405cba666d4eb7009dfd394053e2afabfd9981ea0eea5fa625f24805a1d4d24c7da44f6449eda7e1b
SSDEEP

3072:NtmM/jSHRNnu+8ON7szLOkXcgpZD+cTxtjt8UWbzk:bvlZvTxQU1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BDMDownload.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BDMDownload.dll,#1
  2⤵
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads