2e392a0fddd485b24600022bd5a5b99aa50d4104f7947afcd766f3627e06fc62 | Triage

Analysis

max time kernel
359s
max time network
363s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 00:34

Sharing

Report Analysis Logs

General

Target

g2m.dll
Size

200.0MB
MD5

20c883bfc44dcd6eda231560851723d2
SHA1

f479834bfabb38c950a6b2a00f87bf7cdc5e80bb
SHA256

570104241aec8d351f43c141352ceefafdad2778edd9dc455aee59f3d5ce250f
SHA512

2afa9ed3ded2d1658e1bf3d0b2ea753b302f559feb6de2478dda8f98e757b7a6397b39f284c51ab8822b7585728ae159f12ebcefc456fbdc7c5d55f9f476077d
SSDEEP

786432:3UP7GCGO7b0Srkx/tC0SzIdSwh/WxbpNHQD3trzRpH:3UP7GCG64Srkx1hSzYsHQD3t/R

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe
PID 2368 wrote to memory of 2332	2368	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\g2m.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\g2m.dll
2⤵
PID:2332

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-0-0x0000000010000000-0x0000000012DB3000-memory.dmp

Filesize
45.7MB

Download
memory/2332-1-0x0000000010000000-0x0000000012DB3000-memory.dmp

Filesize
45.7MB

Download
memory/2332-2-0x0000000010000000-0x0000000012DB3000-memory.dmp

Filesize
45.7MB

Download