e51bac091a171091098a61a2706c410ff7896d04f1f82bcec6c8b42447544805 | Triage

Analysis

max time kernel
131s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:50

Sharing

Report Analysis Logs

General

Target

Plugins/aviout.dll
Size

172KB
MD5

831f80c5ebf1f0b5ed35a7936fff16f0
SHA1

57b85ceb848c7547f8b4eb2ba4282670b64bd6c8
SHA256

f4c9531f0cd2c1d1e0f516e8282e88ec97c5bd65f6db3e02dadfc31d79e9af1a
SHA512

961eb8acae8501463353813471316dd55d384c0780eba0ab483011638cb635afe98f39c722f21ae44de651917d32eea336b8e1e3cf763b1393cdb479076228f7
SSDEEP

1536:QEJ57McjQOIEKWTrL0ltyhpuG5lv2RVKUIJnvHo9+N:Qe5wcjQjpWTroltyhwCv4ytvHo9+N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3360 wrote to memory of 3792	3360	rundll32.exe	rundll32.exe
PID 3360 wrote to memory of 3792	3360	rundll32.exe	rundll32.exe
PID 3360 wrote to memory of 3792	3360	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\aviout.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3360

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\aviout.dll,#1
2⤵
PID:3792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...