e735bd2089fd6a4ff9d806f2232b6caa9f6181fffea76a26136efca4bd5349ac | Triage

Analysis

max time kernel
129s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 12:16

Sharing

Report Analysis Logs

General

Target

BluetoothApis.dll
Size

93KB
MD5

8d09c988ce2ad04646bfbdda1be7c381
SHA1

4f6fc3b28d54d87f4e38ad3d54ea6659e0873cce
SHA256

e735bd2089fd6a4ff9d806f2232b6caa9f6181fffea76a26136efca4bd5349ac
SHA512

62722cf64f9e0a9c6078d566c767edf89b654eecd5dda3cd706d8f9daee6071853e2b7a92e69f135840ac77e36aac8ed7a470b3fdbbe835dd21882b9a72e909a
SSDEEP

1536:t6p6yDq0EE0ZjJ+ykamKrftXlUWISLXsTvgeIDxnLnTC8wv2:Mp6sRSjAykaVrf3UHSLXsTR8XCbv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1152	5072	rundll32.exe	82
PID 5072 wrote to memory of 1152	5072	rundll32.exe	82
PID 5072 wrote to memory of 1152	5072	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BluetoothApis.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\BluetoothApis.dll,#1
  2⤵
  PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads