0febdcc57349da7a79710b6cf65c7d6c73dfaeaad3ff7bafb73b936a7e222b4a | Triage

Analysis

max time kernel
357s
max time network
358s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-01-2025 21:29

Sharing

Report Analysis Logs

General

Target

LaSInject/amboit.dll
Size

619KB
MD5

8e5926c798e62e3862e86d12bc2c09c1
SHA1

4ef4655d38dd9354a70453f7dc363a6e69bb2ab4
SHA256

652f86f48e144bedafb2346f3877d51e249aad3077dcf927602122fb82c30bdc
SHA512

8bd6c40d4182861a1a96e0f443a9b04bf6f78de7c7047f1034fb16488ff7eed8b1072dac4ace3d9969f141dd217d91c3c5f5c8f1cba94846746b79259e9a155a
SSDEEP

12288:ZVq3wZOtZ1oOH9HBFjj1rF6WR9QEKZm+jWodEEVIx:+b9HBFjdF99QEKZm+jWodEEWx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2996	2904	rundll32.exe	30
PID 2904 wrote to memory of 2996	2904	rundll32.exe	30
PID 2904 wrote to memory of 2996	2904	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LaSInject\amboit.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2904 -s 80
  2⤵
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads