80d48eb263fe58d5a0afaa20679c5824c9f5fdce8a6707e5c9ef3c8817011938

General

Target

gdxh1.dll
Size

1.2MB
MD5

4dc5ec6b3db2a95f5ac9334210b4e9fb
SHA1

24a0e46ac825cad7d5d9a7a79d02f6d07450bcb0
SHA256

80d48eb263fe58d5a0afaa20679c5824c9f5fdce8a6707e5c9ef3c8817011938
SHA512

f0935a7873dfc7b4edd8e40bcaaad11a15b232a6bc2cbbf29505d958f0a2818d341c33586216e9f12e53c202a6a84602a37347dfd7318f89820bc8a9da175ff3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 63 IoCs

Processes:

regsvr32.exeexplorer.exe

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

regsvr32.exe

pid process

1412 regsvr32.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 876 wrote to memory of 1412	876	regsvr32.exe	regsvr32.exe
PID 1412 wrote to memory of 1124	1412	regsvr32.exe	explorer.exe
PID 1412 wrote to memory of 1124	1412	regsvr32.exe	explorer.exe
PID 1412 wrote to memory of 1124	1412	regsvr32.exe	explorer.exe
PID 1412 wrote to memory of 1124	1412	regsvr32.exe	explorer.exe
PID 1412 wrote to memory of 1124	1412	regsvr32.exe	explorer.exe
PID 1412 wrote to memory of 1124	1412	regsvr32.exe	explorer.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\gdxh1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\gdxh1.dll
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1124

memory/876-54-0x000007FEFBD51000-0x000007FEFBD53000-memory.dmp

Filesize
8KB

Download
memory/1124-63-0x0000000000080000-0x0000000000082000-memory.dmp

Filesize
8KB

Download
memory/1124-65-0x0000000000000000-mapping.dmp

Download
memory/1124-67-0x0000000074501000-0x0000000074503000-memory.dmp

Filesize
8KB

Download
memory/1124-68-0x00000000003F0000-0x000000000047F000-memory.dmp

Filesize
572KB

Download
memory/1412-55-0x0000000000000000-mapping.dmp

Download
memory/1412-56-0x0000000075901000-0x0000000075903000-memory.dmp

Filesize
8KB

Download
memory/1412-57-0x0000000010000000-0x000000001008F000-memory.dmp

Filesize
572KB

Download