12ff63af0a27200b512b2fb73d0086cae611b557b4eeb3fb5b630cac9607fb7d

Analysis

max time kernel
14s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 05:44

Target

TAX DOCUMENTS 2/g2m.dll
Size

100.0MB
MD5

fdd7fab01cc9eb7349f24ef1dbd60721
SHA1

b749ad4a425671627562fba3a956672287ea0ac2
SHA256

5b56f1de607f06430e1207d3d4cb2f9f353be1958f48c95a55d7ce5fe1535e67
SHA512

3ccba57756e93c1ca8acc4bdace284831af299b227bc7f3f825bf193acf0bbcc8d3f382c5f497e3d167c42f69e241c3cffc0066851ca078bcc201fa5b56a47fa
SSDEEP

196608:r8u0ivGTAslgbSYBsnBho/wnBvq+4rMOblxz6qYFS1qY2aubxi58/EUxFFVszp:r8uzvfaEog+4rdbUTFVk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28
PID 3008 wrote to memory of 2032	3008	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\TAX DOCUMENTS 2\g2m.dll"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\regsvr32.exe
  /s "C:\Users\Admin\AppData\Local\Temp\TAX DOCUMENTS 2\g2m.dll"
  2⤵
  PID:2032

memory/2032-1-0x0000000010014000-0x000000001002D000-memory.dmp

Filesize
100KB

Download
memory/2032-0-0x0000000010000000-0x0000000010F94000-memory.dmp

Filesize
15.6MB

Download
memory/2032-3-0x0000000010000000-0x0000000010F94000-memory.dmp

Filesize
15.6MB

Download
memory/2032-2-0x0000000010000000-0x0000000010F94000-memory.dmp

Filesize
15.6MB

Download
memory/2032-7-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/2032-6-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/2032-5-0x0000000010000000-0x0000000010F94000-memory.dmp

Filesize
15.6MB

Download
memory/2032-4-0x0000000010F5E000-0x0000000010F8D000-memory.dmp

Filesize
188KB

Download