Overview

overview

9

Static

static

6

[Dev] ¿á...¾.url

windows7_x64

1

[Dev] ¿á...¾.url

windows10_x64

[Dev] ¿á...QA.exe

windows7_x64

8

[Dev] ¿á...QA.exe

windows10_x64

8

[Dev] ¿á...32.dll

windows7_x64

1

[Dev] ¿á...32.dll

windows10_x64

1

[Dev] ¿á...b1.dll

windows7_x64

3

[Dev] ¿á...b1.dll

windows10_x64

9

Analysis

  • max time kernel
    52s
  • max time network
    28s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    07/08/2020, 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [Dev] ¿áQ Air [Õýʽ°æ]/¿áQ Air/bin/zlib1.dll

  • Size

    105KB

  • MD5

    b8a9e91134e7c89440a0f95470d5e47b

  • SHA1

    3cbcee30fc0a7e9807931bc0dafceb627042bfc9

  • SHA256

    42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71

  • SHA512

    e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54

Score
3/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\[Dev] ¿áQ Air [Õýʽ°æ]\¿áQ Air\bin\zlib1.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\[Dev] ¿áQ Air [Õýʽ°æ]\¿áQ Air\bin\zlib1.dll",#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:648
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 228
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        • Program crash
        PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1052-2-0x0000000002210000-0x0000000002221000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1052-4-0x0000000002650000-0x0000000002661000-memory.dmp

    Filesize

    68KB

    Download