db15a69d0ca99a99a6c6771ab9598bf8d93d29d036eff64f52dc262048bd8e39 | Triage

Resubmissions

14/05/2024, 09:47

240514-lsl8caag51 10

14/05/2024, 09:47

240514-lsbfvabb68 10

23/04/2024, 13:16

240423-qhzsxagf46 10

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 13:16

Sharing

Report Analysis Logs

General

Target

g2m.dll
Size

399KB
MD5

326683813b145cc5469dff1f77c701e3
SHA1

b31eb0e91c6e70719a15dd61e7e374ce2b7782c1
SHA256

93439fe9b45d7b6e9fcdc5e68fd47677ea17025e4eabb6f1468cb9ae98ee8a5b
SHA512

981bf18aa03259a557eed4fc336d27f3f55b3a0421e70b6b59c5ef9753be885b537d5e55f2d58753621b57aa6079708d35732edddd4d97d4891b79600e631fc3
SSDEEP

6144:u9rSWpovUahUzo+NY7+c2wkYUL8NuS3ZCXfrUNfu:u9TpofojwjUL8IJ8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28
PID 1176 wrote to memory of 2844	1176	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\g2m.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\g2m.dll,#1
  2⤵
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads