32fd8c5a09f3d07ac6ee068e04fa650c0b22cd029e5c71942067d4648cb62887 | Triage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 16:38

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/BDMDownload.dll
Size

158KB
MD5

d184763cb4e62d531193978de7b82db2
SHA1

f4824e6e58f50b1fd89396afa17d0f97d86895f7
SHA256

63a233664064e22fd3260e4dc06293b8fa724e62071ad1cf8af9a4bb453e1dea
SHA512

25bb657827c1c4ce410346e11e60fe954f62100731bd730405cba666d4eb7009dfd394053e2afabfd9981ea0eea5fa625f24805a1d4d24c7da44f6449eda7e1b
SSDEEP

3072:NtmM/jSHRNnu+8ON7szLOkXcgpZD+cTxtjt8UWbzk:bvlZvTxQU1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 2220	3504	rundll32.exe	82
PID 3504 wrote to memory of 2220	3504	rundll32.exe	82
PID 3504 wrote to memory of 2220	3504	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BDMDownload.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BDMDownload.dll,#1
  2⤵
  PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads