Analysis
  max time kernel:  122s
  max time network: 126s
  platform:         windows7_x64
  resource:         win7-20240221-en
  resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted:        03-04-2024 19:53
Behavioral tasks
  behavioral1: Leonardo_Al/LeonardoAl_Setup.exe  (resource: win7-20240220-en)
  behavioral2: Leonardo_Al/LeonardoAl_Setup.exe  (resource: win10v2004-20240319-en)
  behavioral3: Leonardo_Al/Update_Leo.pdf        (resource: win7-20240221-en)
  behavioral4: Leonardo_Al/Update_Leo.pdf        (resource: win10v2004-20240226-en)
  behavioral5: Leonardo_Al/g2m.dll               (resource: win7-20240221-en)
  behavioral6: Leonardo_Al/g2m.dll               (resource: win10v2004-20240226-en)
General
  Target: Leonardo_Al/g2m.dll
  Size:   130.0MB
  MD5:    0722be7f0411d54e95107a11836c6e03
  SHA1:   b39f9247119b18fc9c846f73c810f426015b964b
  SHA256: 8814bdaaf5c686485ef864c25e2524e662dcfc37a393b0d8faa8d74a556df4b3
  SHA512: 0116217df19b9cc76c0301a7838fb08221a71696d9dc4c82895faae67d8495bd63b4b61d2fa0c8a3a76311faac3d85f2a95b16c8a47ade3e428102769323d13b
  SSDEEP: 786432:fUP7GCGO7b0Srkx/tC0SzIdSwh/WxbpNHQD3trzRp:fUP7GCG64Srkx1hSzYsHQD3t/R
Malware Config

Signatures
  Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (regsvr32.exe):
    description                       pid   process       target process
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe
    PID 2436 wrote to memory of 2644  2436  regsvr32.exe  regsvr32.exe