929adcf731e730ee1251eeef8513fd774b1357c1c3e1da4d287722ed778434f9

Submit
Reports

Overview

overview

Static

static

03ff897da4...b3.exe

windows7_x64

03ff897da4...b3.exe

windows10_x64

10493d98a6...41.exe

windows7_x64

10493d98a6...41.exe

windows10_x64

11747d3247...67.exe

windows7_x64

11747d3247...67.exe

windows10_x64

San11 Tc/D...eg.htm

windows7_x64

San11 Tc/D...eg.htm

windows10_x64

San11 Tc/DrvMgt.dll

windows7_x64

San11 Tc/DrvMgt.dll

windows10_x64

San11 Tc/L...es.exe

windows7_x64

San11 Tc/L...es.exe

windows10_x64

San11 Tc/S...er.exe

windows7_x64

San11 Tc/S...er.exe

windows10_x64

San11 Tc/S...er.exe

windows7_x64

San11 Tc/S...er.exe

windows10_x64

San11 Tc/S...YS.exe

windows7_x64

San11 Tc/S...YS.exe

windows10_x64

San11 Tc/San11.exe

windows7_x64

San11 Tc/San11.exe

windows10_x64

San11 Tc/san11pk.exe

windows7_x64

San11 Tc/san11pk.exe

windows10_x64

San11 Tc/�...��.exe

windows7_x64

San11 Tc/�...��.exe

windows10_x64

23c9e16cc6...7b.exe

windows7_x64

23c9e16cc6...7b.exe

windows10_x64

36a18ae31f...d0.exe

windows7_x64

36a18ae31f...d0.exe

windows10_x64

4109a062b3...d4.exe

windows7_x64

4109a062b3...d4.exe

windows10_x64

CW3.exe

windows7_x64

CW3.exe

windows10_x64

Analysis

max time kernel
42s
max time network
34s
platform
windows7_x64
resource
win7-en-20210920
submitted
20-10-2021 15:32

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

Behavioral task

behavioral1

Sample

03ff897da4bfb8bc549fdb1ebf7ee940bcb9b57fed7d26d83c45d1e9ec1f40b3.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

03ff897da4bfb8bc549fdb1ebf7ee940bcb9b57fed7d26d83c45d1e9ec1f40b3.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

11747d3247254b7db3fb7d6b8c0b47d21546b208b1573a73ae20f46ca4131e67.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

11747d3247254b7db3fb7d6b8c0b47d21546b208b1573a73ae20f46ca4131e67.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

San11 Tc/Doc/Reg/san11_reg.htm

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

San11 Tc/Doc/Reg/san11_reg.htm

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

San11 Tc/DrvMgt.dll

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

San11 Tc/DrvMgt.dll

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

San11 Tc/LinkSan11Res.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

San11 Tc/LinkSan11Res.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

San11 Tc/S11Launcher.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

San11 Tc/S11Launcher.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

San11 Tc/S11PKLauncher.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

San11 Tc/S11PKLauncher.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

San11 Tc/SECDRV.SYS.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

San11 Tc/SECDRV.SYS.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

San11 Tc/San11.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

San11 Tc/San11.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

San11 Tc/san11pk.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

San11 Tc/san11pk.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

San11 Tc/开始游戏.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

San11 Tc/开始游戏.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

23c9e16cc6549ca05d349e7d04805309171cfe8a8426cdb7376f2a41b757a67b.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

23c9e16cc6549ca05d349e7d04805309171cfe8a8426cdb7376f2a41b757a67b.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

4109a062b38d66ee7222cd984120e056acd0f5dad490c623f411c8abb18796d4.exe

Resource

win7-en-20211014

discovery persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

4109a062b38d66ee7222cd984120e056acd0f5dad490c623f411c8abb18796d4.exe

Resource

win10-en-20210920

discovery persistence upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

CW3.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

CW3.exe

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

San11 Tc/DrvMgt.dll
Size

45KB
MD5

9b188e6f9fac4b8fb8d536015589df37
SHA1

a5247ec0ec50b8f470c93bf23e3f2514c402d5ad
SHA256

538471b7ebe7db84153d4ece0012167805333152c2bf1f83c08da28945e6d85b
SHA512

a6e2963bd09b0d39f7ca929ae2eba1639e6301a93755bd83f1c853f55c658936585f6171d0376ee4022a84c9be5383f4522cfc8277b51502147d88664c7063dd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 1648	1108	rundll32.exe	rundll32.exe

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\San11 Tc\DrvMgt.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\San11 Tc\DrvMgt.dll",#1
2⤵
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-54-0x0000000000000000-mapping.dmp

Download
memory/1648-55-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

Filesize
8KB

Download