Analysis
-
max time kernel
87s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 17:07
Static task
static1
Behavioral task
behavioral1
Sample
豪迪QQ群发7.7 破解版/CheckVer1.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
豪迪QQ群发7.7 破解版/CheckVer1.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
豪迪QQ群发7.7 破解版/Desklog.dll
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
豪迪QQ群发7.7 破解版/Desklog.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
豪迪QQ群发7.7 破解版/GetInfo.dll
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
豪迪QQ群发7.7 破解版/GetInfo.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
豪迪QQ群发7.7 破解版/QS2013.exe
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
豪迪QQ群发7.7 破解版/QS2013.exe
Resource
win10v2004-20220812-en
General
-
Target
豪迪QQ群发7.7 破解版/CheckVer1.dll
-
Size
41KB
-
MD5
cc6d2f0d3e2982be8d1f37bb276e41a6
-
SHA1
a0d7993f265d19c0cd91070d68d84a24ee41a493
-
SHA256
a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231
-
SHA512
cea88dcdf6b6da2c894e234628d49784977de66bfbebe6b490195d622dceeac245d88b3ff429b3b6b0297e4db9bdde10e14a3b4278e8b2e1850f811bef9da67f
-
SSDEEP
768:SCpqFQtwmjmx+0jp61c4O99Yr3zhv8TUJmHps04BtzXBGkG+I8x:1pqFQVCNVdrYr3eUk8Vxa+Jx
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4296 wrote to memory of 1716 4296 rundll32.exe rundll32.exe PID 4296 wrote to memory of 1716 4296 rundll32.exe rundll32.exe PID 4296 wrote to memory of 1716 4296 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发7.7 破解版\CheckVer1.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:4296 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发7.7 破解版\CheckVer1.dll",#12⤵PID:1716