Overview (score 7)
Static (score 1)

Per-task scores (task | platform | score):
服务器软件.url | windows7-x64 | 1
服务器软件.url | windows10-2004-x64 | -
脚本之家.url | windows7-x64 | 1
脚本之家.url | windows10-2004-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe | windows7-x64 | 7
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe | windows10-2004-x64 | 7
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll | windows7-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll | windows10-2004-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll | windows7-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll | windows10-2004-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll | windows7-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll | windows10-2004-x64 | 1
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll | windows7-x64 | 6
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll | windows10-2004-x64 | 6
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe | windows7-x64 | 6
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe | windows10-2004-x64 | 6
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe | windows7-x64 | 6
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe | windows10-2004-x64 | 6
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe | windows7-x64 | 3
豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe | windows10-2004-x64 | 3

Analysis
- Max time kernel: 27s
- Max time network: 47s
- Platform: windows7_x64
- Resource: win7-20220812-en
- Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- Submitted: 23-11-2022 15:52
Static task: static1

Behavioral tasks (task | sample | resource):
behavioral1 | 服务器软件.url | win7-20221111-en
behavioral2 | 服务器软件.url | win10v2004-20221111-en
behavioral3 | 脚本之家.url | win7-20221111-en
behavioral4 | 脚本之家.url | win10v2004-20220812-en
behavioral5 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe | win7-20220901-en
behavioral6 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe | win10v2004-20221111-en
behavioral7 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll | win7-20220812-en
behavioral8 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll | win10v2004-20220812-en
behavioral9 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll | win7-20221111-en
behavioral10 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll | win10v2004-20221111-en
behavioral11 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll | win7-20221111-en
behavioral12 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll | win10v2004-20221111-en
behavioral13 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll | win7-20221111-en
behavioral14 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll | win10v2004-20220812-en
behavioral15 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe | win7-20221111-en
behavioral16 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe | win10v2004-20220901-en
behavioral17 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe | win7-20220812-en
behavioral18 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe | win10v2004-20220812-en
behavioral19 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe | win7-20220812-en
behavioral20 | 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe | win10v2004-20220812-en

This report is the behavioral7 task (CheckUser.dll on win7-20220812-en).
General
- Target: 豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll
- Size: 94KB
- MD5: 723769ad7b14edb2ea8a8d9121fde1c4
- SHA1: be98d6f2862a8d06e599ec961670ebc63965b840
- SHA256: 876a3715784b3b6ca4493eab2e573bca99fd632e1f7be0e0a9fb00219094fb50
- SHA512: 6cc4899eb5bdbfc723d18633692ed8f92082cae7eec79c1f3606ced79c5edf41b30bae4b05af490ffbb6098cdb7ed715f1fa23a68027a40f4692fb3313aa7b7e
- SSDEEP: 1536:iUqXwQIvdCl+ffCKh3b1s2XZFZK0Nc65IfbT6Rq05cst2x1HuHfJ5f0Mubar:IwVGQCC3ps2X3ZK0GtfbT6RP5lQuHxeu
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (description | pid | process | target process):
  PID 1952 wrote to memory of 1948 | 1952 | rundll32.exe | rundll32.exe
  (this same entry is recorded 7 times: seven WriteProcessMemory calls from PID 1952 into PID 1948, both rundll32.exe)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发器 2014-06-18绿色版\豪迪QQ群发器 2014\CheckUser.dll",#1
  Depth: 1
  - Suspicious use of WriteProcessMemory
  ⤵ child process:
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发器 2014-06-18绿色版\豪迪QQ群发器 2014\CheckUser.dll",#1
    Depth: 2
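The two sections above (the WriteProcessMemory IoCs and the process tree) describe one relationship: the 64-bit C:\Windows\system32\rundll32.exe spawned C:\Windows\SysWOW64\rundll32.exe with the identical CheckUser.dll,#1 argument, and the seven recorded writes all go from the parent (PID 1952) into that child (PID 1948). On x64 Windows, rundll32 re-launches its SysWOW64 copy when the DLL it is asked to load is 32-bit, so a parent-to-child write between a system32 and a SysWOW64 rundll32 pair carrying the same DLL argument is consistent with the harness itself rather than with the DLL writing into some unrelated process. The script below is an added example, not part of the Triage report or of the sample: it parses IoC rows in the report's "description pid process target process" form, correlates each write with a process list, and separates that WoW64 relaunch pattern from writes a practitioner would actually want to chase. The two rundll32 entries use the PIDs and paths from this report; the explorer.exe entry (PID 1300) and the final IoC row are constructed so the classifier has an unrelated-target case to flag, and the three-way classification rule is this example's own, not a Triage rule.

```python
# Added example for this report; not part of the Triage output or of the sample.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str      # full image path as shown in the process tree
    cmdline: str    # command line as shown in the process tree


# Same rundll32 argument for both processes, copied from the report's process tree.
DLL_ARG = (r'"C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发器 2014-06-18绿色版'
           r'\豪迪QQ群发器 2014\CheckUser.dll",#1')

# Process list: the two rundll32 entries come from the report (PIDs from the IoC rows,
# paths from the process tree). The explorer.exe entry (PID 1300) is CONSTRUCTED so the
# classifier has a write into an unrelated process to flag.
PROCS = [
    Proc(1952, None, r"C:\Windows\system32\rundll32.exe", "rundll32.exe " + DLL_ARG),
    Proc(1948, 1952, r"C:\Windows\SysWOW64\rundll32.exe", "rundll32.exe " + DLL_ARG),
    Proc(1300, None, r"C:\Windows\explorer.exe", "explorer.exe"),  # constructed
]

# IoC rows in the report's "description pid process target process" layout.
# The first row is the report's own entry, recorded 7 times; the last row is CONSTRUCTED.
IOC_ROWS = ["PID 1952 wrote to memory of 1948 1952 rundll32.exe rundll32.exe"] * 7 + [
    "PID 1948 wrote to memory of 1300 1948 rundll32.exe explorer.exe",  # constructed
]

IOC_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")


def parse_ioc(row: str) -> tuple[int, int, str, str]:
    """Return (source pid, target pid, source image, target image) for one IoC row."""
    m = IOC_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised IoC row: {row!r}")
    src, dst, pid_col, src_img, dst_img = m.groups()
    if src != pid_col:  # the pid column repeats the writer's PID from the description
        raise ValueError(f"pid column {pid_col} does not match description {src}")
    return int(src), int(dst), src_img, dst_img


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _dll_arg(p: Proc) -> str:
    # Everything after the executable name; for rundll32 this is '"<dll>",<entry>'.
    parts = p.cmdline.split(" ", 1)
    return parts[1] if len(parts) == 2 else ""


def classify(src: Proc, dst: Proc) -> str:
    """Classify one cross-process write by what the process tree says about the pair."""
    if (dst.ppid == src.pid
            and _basename(src.image) == _basename(dst.image) == "rundll32.exe"
            and "\\system32\\" in src.image.lower()
            and "\\syswow64\\" in dst.image.lower()
            and _dll_arg(src) == _dll_arg(dst)):
        # 64-bit rundll32 re-launching its 32-bit copy with the same DLL argument.
        return "wow64-relaunch"
    if dst.ppid == src.pid:
        return "parent-to-child"       # writer spawned the target; still worth a look
    return "cross-process"             # write into a process the writer did not spawn


def summarize(rows: list[str], procs: list[Proc]) -> dict[tuple[int, int, str], int]:
    """Count IoC rows per (source pid, target pid, class)."""
    by_pid = {p.pid: p for p in procs}
    counts: Counter = Counter()
    for row in rows:
        src_pid, dst_pid, src_img, dst_img = parse_ioc(row)
        src, dst = by_pid[src_pid], by_pid[dst_pid]
        # Sanity check: the row's image names must agree with the process list.
        if _basename(src.image) != src_img.lower() or _basename(dst.image) != dst_img.lower():
            raise ValueError(f"image mismatch for row {row!r}")
        counts[(src_pid, dst_pid, classify(src, dst))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (s, d, kind), n in sorted(summarize(IOC_ROWS, PROCS).items()):
        print(f"{n}x  {s} -> {d}  {kind}")
```

Run against this report's seven rows alone, everything lands in the wow64-relaunch bucket, which is why a score of 1 for this task is unsurprising; only the constructed rundll32-to-explorer.exe row comes out as cross-process. When triaging a DLL task, treat a rundll32 pair like this one as the baseline and look for writes whose target is outside that pair before reading WriteProcessMemory as injection.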