3f0e07fc6345cc179b7571de8b9fb2bfee2f9bef92a4ec224b4e034cd49e697f

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-04-2024 01:13

Target

g2m.dll
Size

100.0MB
MD5

448de2bbd26b3dd436ad590497c36779
SHA1

595f23c3e5ace472e888bd429107f901cd230d0b
SHA256

4bcaba254171a6aed68dc2c893207b1f5ad3c2d2a650ff18a4d2d1cd0c7f0ed6
SHA512

c747a4d02108fb07e5f967b50a912a181e8f9b664f47d22a6ac0ee785144e272c133bfbfea97d61d53396dd42158fb308c5452575a3d01d02ac06d759d52dbb6
SSDEEP

196608:Mx0ivGTAslgbSYBsnBho/wnBvq+4rMOblxz6qYFS1qY2aubxi58/EUxFFVsv:MxzvfaEog+4rdbUTFVI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe
PID 1284 wrote to memory of 1752	1284	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\g2m.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1284

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\g2m.dll
2⤵
PID:1752

memory/1752-0-0x0000000010000000-0x0000000010F8F000-memory.dmp

Filesize
15.6MB

Download
memory/1752-1-0x0000000010000000-0x0000000010F8F000-memory.dmp

Filesize
15.6MB

Download
memory/1752-2-0x0000000010000000-0x0000000010F8F000-memory.dmp

Filesize
15.6MB

Download
memory/1752-4-0x0000000010000000-0x0000000010F8F000-memory.dmp

Filesize
15.6MB

Download
memory/1752-5-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download