ba8db0a36c729d98dc09fbd9c7ea62e1b62f5a435318af68bdb846063a325f21

Analysis

max time kernel
20s
max time network
18s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-04-2024 02:24

Target

g2m.dll
Size

15.1MB
MD5

f14c14a6d5b1613242f061030fdb9163
SHA1

2a0d0c7ee40fdd3fe00a76b6d89c0e951deff8e2
SHA256

ba23ee91a54d3da0e2142a90def9ea6ead953621fdbb2c9a568ab68247993b90
SHA512

7993bd5510278adc273b4de6f62dc0eec06f12b294e62a9cf60319b2ae0bd1111a2aefb8af0876228d4c9e0a5d6e78fda5c494c6583ec92b6ba2b31be69dc4c8
SSDEEP

196608:W0ivGTAslgbSYBsnBho/wnBvq+4rMOblxz6qYFS1qY2aubxi58/EUxFFVs4zti:WzvfaEog+4rdbUTFVe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe
PID 1380 wrote to memory of 2204	1380	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\g2m.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1380

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\g2m.dll
2⤵
PID:2204

memory/2204-0-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/2204-1-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/2204-2-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/2204-3-0x0000000010000000-0x0000000010F92000-memory.dmp

Filesize
15.6MB

Download
memory/2204-4-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download