5a98e027413c17a092d04b5336448316b0933e5cfd0dac15c3dc2097d854f807 | Triage

Analysis

max time kernel
2s
max time network
25s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2024 02:16

Sharing

Report Analysis Logs

General

Target

g2m.dll
Size

15.1MB
MD5

53cd4b218deb3fd9b31ae4f54daf0e0b
SHA1

1fdbcd6296487943b57c073a5a0aac36fead5f1e
SHA256

6edc001310ea4896cc410b9d5dd8beaf912f8a71f1be60c139780d0bf5507007
SHA512

771fa9878109ee683733ac930fc828b3448d31b41ca50202952a44bfc0c8a32b75343b814d1f5d054a3272d0b9c11e245c562c9a3799fffb2ae677c3ea4c04aa
SSDEEP

196608:/m0ivGTAslgbSYBsnBho/wnBvq+4rMOblxz6qYFS1qY2aubxi58/EUxFFVsIE:/mzvfaEog+4rdbUTFVjE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 956 wrote to memory of 3052	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 3052	956	regsvr32.exe	regsvr32.exe
PID 956 wrote to memory of 3052	956	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\g2m.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:956

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\g2m.dll
2⤵
PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3052-0-0x0000000010000000-0x0000000010F8F000-memory.dmp

Filesize
15.6MB

Download