Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 24-04-2024 02:17
Static task
static1
Behavioral task
behavioral1
Sample
2023_TAX_ORGANIZER/Tax Organizer.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2023_TAX_ORGANIZER/Tax Organizer.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
2023_TAX_ORGANIZER/g2m.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
2023_TAX_ORGANIZER/g2m.dll
Resource
win10v2004-20240412-en
General
Target: 2023_TAX_ORGANIZER/g2m.dll
Size: 6.6MB
MD5: dd2a773c6b767755a12e43c02f07d0f4
SHA1: 8dac463057c09eca19e4dbadfb3daa2bf501c53e
SHA256: 09173af3144979177cd188a990000eba43d627ac5728969a78f186124dc2255b
SHA512: 27790b9366a78d4b4e2f368073cb101d8f73b63d989a51396e81d22cf2c8b30736d302d5f434e87cdc584d0e38a5ee9b748be0e832d4f8494fdc8faa99c776dc
SSDEEP: 98304:nHQXidDnBW0hcthSDnqDO5rzRQfaxcxV4dqahqlO:6i9gDmyhu+M
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: regsvr32.exe

description | pid | process | target process
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe
PID 1152 wrote to memory of 1772 | 1152 | regsvr32.exe | regsvr32.exe