Analysis
- max time kernel: 97s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 24-11-2022 10:09
Behavioral tasks
- behavioral1: sample monirs4mianOriginbd/Crack/Game/Bin/3dmgame.dll, resource win7-20221111-en
- behavioral2: sample monirs4mianOriginbd/Crack/Game/Bin/3dmgame.dll, resource win10v2004-20221111-en
- behavioral3: sample monirs4mianOriginbd/Crack/Game/Bin/The.Sims.4.Launcher.exe, resource win7-20220812-en
- behavioral4: sample monirs4mianOriginbd/Crack/Game/Bin/The.Sims.4.Launcher.exe, resource win10v2004-20220901-en
- behavioral5: sample monirs4mianOriginbd/下载说明.url, resource win7-20220812-en
- behavioral6: sample monirs4mianOriginbd/下载说明.url, resource win10v2004-20220812-en
- behavioral7: sample monirs4mianOriginbd/西西单机游戏.url, resource win7-20221111-en
- behavioral8: sample monirs4mianOriginbd/西西单机游戏.url, resource win10v2004-20220812-en
General
- Target: monirs4mianOriginbd/Crack/Game/Bin/3dmgame.dll
- Size: 678KB
- MD5: 8fff2357de72f14514974f18e06094ed
- SHA1: 8f32875c50c828f12a5187957a7e6c63c0e97618
- SHA256: 765aae565bb22b80292776a6b1cd5457a1a9e60628a562801578f19a735fde54
- SHA512: 43bec0b8196bd205278d100990e3eead9a448c2fdc5ce07af07cb7618b44329f4d9c05a51e2c2c6f74042e635bfb4fc0d69e72676ccec525a6aac6b389f06bfd
- SSDEEP: 12288:uGhsRHHMrFFMjF3jyY8cUUkxaxfBYGhLxCef+22d+I9cyp9lXZ4tJ+l+w:uGG1MrbANjZ8cBOaxpZCofoRrcJQ+w
Malware Config
Signatures
-
  resource                                                                      yara_rule
  behavioral1/memory/1988-56-0x0000000074440000-0x00000000745BE000-memory.dmp   vmprotect
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   process       target process
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
  PID 1668 wrote to memory of 1988   1668  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\monirs4mianOriginbd\Crack\Game\Bin\3dmgame.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\monirs4mianOriginbd\Crack\Game\Bin\3dmgame.dll,#1