Overview
overview
10Static
static
803ff897da4...b3.exe
windows7_x64
703ff897da4...b3.exe
windows10_x64
710493d98a6...41.exe
windows7_x64
710493d98a6...41.exe
windows10_x64
711747d3247...67.exe
windows7_x64
711747d3247...67.exe
windows10_x64
San11 Tc/D...eg.htm
windows7_x64
1San11 Tc/D...eg.htm
windows10_x64
1San11 Tc/DrvMgt.dll
windows7_x64
1San11 Tc/DrvMgt.dll
windows10_x64
1San11 Tc/L...es.exe
windows7_x64
1San11 Tc/L...es.exe
windows10_x64
1San11 Tc/S...er.exe
windows7_x64
1San11 Tc/S...er.exe
windows10_x64
1San11 Tc/S...er.exe
windows7_x64
1San11 Tc/S...er.exe
windows10_x64
1San11 Tc/S...YS.exe
windows7_x64
San11 Tc/S...YS.exe
windows10_x64
San11 Tc/San11.exe
windows7_x64
8San11 Tc/San11.exe
windows10_x64
8San11 Tc/san11pk.exe
windows7_x64
3San11 Tc/san11pk.exe
windows10_x64
1San11 Tc/�...��.exe
windows7_x64
3San11 Tc/�...��.exe
windows10_x64
1023c9e16cc6...7b.exe
windows7_x64
523c9e16cc6...7b.exe
windows10_x64
536a18ae31f...d0.exe
windows7_x64
736a18ae31f...d0.exe
windows10_x64
74109a062b3...d4.exe
windows7_x64
84109a062b3...d4.exe
windows10_x64
8CW3.exe
windows7_x64
1CW3.exe
windows10_x64
1Analysis
-
max time kernel
129s -
max time network
143s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
20-10-2021 15:32
Static task
static1
Behavioral task
behavioral1
Sample
03ff897da4bfb8bc549fdb1ebf7ee940bcb9b57fed7d26d83c45d1e9ec1f40b3.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
03ff897da4bfb8bc549fdb1ebf7ee940bcb9b57fed7d26d83c45d1e9ec1f40b3.exe
Resource
win10-en-20210920
Behavioral task
behavioral3
Sample
10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe
Resource
win7-en-20211014
Behavioral task
behavioral4
Sample
10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe
Resource
win10-en-20210920
Behavioral task
behavioral5
Sample
11747d3247254b7db3fb7d6b8c0b47d21546b208b1573a73ae20f46ca4131e67.exe
Resource
win7-en-20211014
Behavioral task
behavioral6
Sample
11747d3247254b7db3fb7d6b8c0b47d21546b208b1573a73ae20f46ca4131e67.exe
Resource
win10-en-20210920
Behavioral task
behavioral7
Sample
San11 Tc/Doc/Reg/san11_reg.htm
Resource
win7-en-20210920
Behavioral task
behavioral8
Sample
San11 Tc/Doc/Reg/san11_reg.htm
Resource
win10-en-20211014
Behavioral task
behavioral9
Sample
San11 Tc/DrvMgt.dll
Resource
win7-en-20210920
Behavioral task
behavioral10
Sample
San11 Tc/DrvMgt.dll
Resource
win10-en-20211014
Behavioral task
behavioral11
Sample
San11 Tc/LinkSan11Res.exe
Resource
win7-en-20210920
Behavioral task
behavioral12
Sample
San11 Tc/LinkSan11Res.exe
Resource
win10-en-20211014
Behavioral task
behavioral13
Sample
San11 Tc/S11Launcher.exe
Resource
win7-en-20210920
Behavioral task
behavioral14
Sample
San11 Tc/S11Launcher.exe
Resource
win10-en-20210920
Behavioral task
behavioral15
Sample
San11 Tc/S11PKLauncher.exe
Resource
win7-en-20211014
Behavioral task
behavioral16
Sample
San11 Tc/S11PKLauncher.exe
Resource
win10-en-20210920
Behavioral task
behavioral17
Sample
San11 Tc/SECDRV.SYS.exe
Resource
win7-en-20211014
Behavioral task
behavioral18
Sample
San11 Tc/SECDRV.SYS.exe
Resource
win10-en-20210920
Behavioral task
behavioral19
Sample
San11 Tc/San11.exe
Resource
win7-en-20211014
Behavioral task
behavioral20
Sample
San11 Tc/San11.exe
Resource
win10-en-20210920
Behavioral task
behavioral21
Sample
San11 Tc/san11pk.exe
Resource
win7-en-20210920
Behavioral task
behavioral22
Sample
San11 Tc/san11pk.exe
Resource
win10-en-20211014
Behavioral task
behavioral23
Sample
San11 Tc/开始游戏.exe
Resource
win7-en-20210920
Behavioral task
behavioral24
Sample
San11 Tc/开始游戏.exe
Resource
win10-en-20211014
Behavioral task
behavioral25
Sample
23c9e16cc6549ca05d349e7d04805309171cfe8a8426cdb7376f2a41b757a67b.exe
Resource
win7-en-20210920
Behavioral task
behavioral26
Sample
23c9e16cc6549ca05d349e7d04805309171cfe8a8426cdb7376f2a41b757a67b.exe
Resource
win10-en-20211014
Behavioral task
behavioral27
Sample
36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe
Resource
win7-en-20210920
Behavioral task
behavioral28
Sample
36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe
Resource
win10-en-20210920
Behavioral task
behavioral29
Sample
4109a062b38d66ee7222cd984120e056acd0f5dad490c623f411c8abb18796d4.exe
Resource
win7-en-20211014
Behavioral task
behavioral30
Sample
4109a062b38d66ee7222cd984120e056acd0f5dad490c623f411c8abb18796d4.exe
Resource
win10-en-20210920
Behavioral task
behavioral31
Sample
CW3.exe
Resource
win7-en-20211014
Behavioral task
behavioral32
Sample
CW3.exe
Resource
win10-en-20210920
General
-
Target
San11 Tc/DrvMgt.dll
-
Size
45KB
-
MD5
9b188e6f9fac4b8fb8d536015589df37
-
SHA1
a5247ec0ec50b8f470c93bf23e3f2514c402d5ad
-
SHA256
538471b7ebe7db84153d4ece0012167805333152c2bf1f83c08da28945e6d85b
-
SHA512
a6e2963bd09b0d39f7ca929ae2eba1639e6301a93755bd83f1c853f55c658936585f6171d0376ee4022a84c9be5383f4522cfc8277b51502147d88664c7063dd
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2380 wrote to memory of 1388 2380 rundll32.exe rundll32.exe PID 2380 wrote to memory of 1388 2380 rundll32.exe rundll32.exe PID 2380 wrote to memory of 1388 2380 rundll32.exe rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1388-116-0x0000000000000000-mapping.dmp