Overview

overview

8

Static

static

8

2014年全...��.url

windows7-x64

1

2014年全...��.url

windows10-2004-x64

1

Crack/Game...me.dll

windows7-x64

8

Crack/Game...me.dll

windows10-2004-x64

8

Crack/Game...er.exe

windows7-x64

1

Crack/Game...er.exe

windows10-2004-x64

1

www.3dmgame.com.url

windows7-x64

6

www.3dmgame.com.url

windows10-2004-x64

6

Analysis

  • max time kernel
    10s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 22:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crack/Game/Bin/3dmgame.dll

  • Size

    802KB

  • MD5

    582e9002cc3766b3cff02536b65c6bc4

  • SHA1

    91ed2700dbfdaa31b3bfebdfe42a82560839f79f

  • SHA256

    5bbd97293117378e8c8f12336be4b59e9bd00ce68d105094fe87a2de79d6792c

  • SHA512

    e2704748681bbc133f0b1b7dee0a83455ef83ca9611c29fd5311679846f96dce6a845480176a4904a1e20a426b7407d596622afc0c188e2e8945a837faf3739e

  • SSDEEP

    24576:ENiiIr3+x4WzRid6vJSqwduCX8YwfHOPucs0aT/H:ENGDsR1csCsYwfHOj

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Crack\Game\Bin\3dmgame.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Crack\Game\Bin\3dmgame.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/556-54-0x0000000000000000-mapping.dmp
    Download
  • memory/556-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/556-56-0x00000000745F0000-0x00000000747A9000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/556-57-0x0000000074430000-0x00000000745E9000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/556-58-0x0000000074430000-0x00000000745E9000-memory.dmp
    Filesize

    1.7MB

    Download