Overview
overview
8Static
static
82014年全...��.url
windows7-x64
12014年全...��.url
windows10-2004-x64
1Crack/Game...me.dll
windows7-x64
8Crack/Game...me.dll
windows10-2004-x64
8Crack/Game...er.exe
windows7-x64
1Crack/Game...er.exe
windows10-2004-x64
1www.3dmgame.com.url
windows7-x64
6www.3dmgame.com.url
windows10-2004-x64
6Analysis
-
max time kernel
10s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
25-11-2022 22:42
Behavioral task
behavioral1
Sample
2014年全部热门单机游戏及汉化下载.url
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2014年全部热门单机游戏及汉化下载.url
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
Crack/Game/Bin/3dmgame.dll
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
Crack/Game/Bin/3dmgame.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
Crack/Game/Bin/The.Sims.4.Launcher.exe
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
Crack/Game/Bin/The.Sims.4.Launcher.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral7
Sample
www.3dmgame.com.url
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
www.3dmgame.com.url
Resource
win10v2004-20220901-en
General
-
Target
Crack/Game/Bin/3dmgame.dll
-
Size
802KB
-
MD5
582e9002cc3766b3cff02536b65c6bc4
-
SHA1
91ed2700dbfdaa31b3bfebdfe42a82560839f79f
-
SHA256
5bbd97293117378e8c8f12336be4b59e9bd00ce68d105094fe87a2de79d6792c
-
SHA512
e2704748681bbc133f0b1b7dee0a83455ef83ca9611c29fd5311679846f96dce6a845480176a4904a1e20a426b7407d596622afc0c188e2e8945a837faf3739e
-
SSDEEP
24576:ENiiIr3+x4WzRid6vJSqwduCX8YwfHOPucs0aT/H:ENGDsR1csCsYwfHOj
Malware Config
Signatures
-
resource yara_rule behavioral3/memory/556-57-0x0000000074430000-0x00000000745E9000-memory.dmp vmprotect behavioral3/memory/556-58-0x0000000074430000-0x00000000745E9000-memory.dmp vmprotect -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 556 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1188 wrote to memory of 556 1188 rundll32.exe 28 PID 1188 wrote to memory of 556 1188 rundll32.exe 28 PID 1188 wrote to memory of 556 1188 rundll32.exe 28 PID 1188 wrote to memory of 556 1188 rundll32.exe 28 PID 1188 wrote to memory of 556 1188 rundll32.exe 28 PID 1188 wrote to memory of 556 1188 rundll32.exe 28 PID 1188 wrote to memory of 556 1188 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Crack\Game\Bin\3dmgame.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1188 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Crack\Game\Bin\3dmgame.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
PID:556
-