Overview

Task                    Platform             Score
Static                  -                    8
1001下载乐园.url         windows7-x64         8
1001下载乐园.url         windows10-2004-x64   1
EChartBar.dll           windows7-x64         1
EChartBar.dll           windows10-2004-x64   1
TrayIcon.dll            windows7-x64         1
TrayIcon.dll            windows10-2004-x64   1
eAPI.dll                windows7-x64         3
eAPI.dll                windows10-2004-x64   1
krnln.dll               windows7-x64         1
krnln.dll               windows10-2004-x64   1
main.exe                windows7-x64         1
main.exe                windows10-2004-x64   1
xplib.dll               windows7-x64         1
xplib.dll               windows10-2004-x64   1
yhzj.exe                windows7-x64         1
yhzj.exe                windows10-2004-x64   8
Analysis

Max time kernel: 32s
Max time network: 47s
Platform: windows7_x64
Resource: win7-20220812-en
Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
Submitted: 25-11-2022 22:58
Behavioral tasks

Task            Sample              Resource
behavioral1     1001下载乐园.url     win7-20220812-en
behavioral2     1001下载乐园.url     win10v2004-20220812-en
behavioral3     EChartBar.dll       win7-20220812-en
behavioral4     EChartBar.dll       win10v2004-20220812-en
behavioral5     TrayIcon.dll        win7-20220812-en
behavioral6     TrayIcon.dll        win10v2004-20221111-en
behavioral7     eAPI.dll            win7-20221111-en
behavioral8     eAPI.dll            win10v2004-20220812-en
behavioral9     krnln.dll           win7-20221111-en
behavioral10    krnln.dll           win10v2004-20220901-en
behavioral11    main.exe            win7-20221111-en
behavioral12    main.exe            win10v2004-20220901-en
behavioral13    xplib.dll           win7-20220901-en
behavioral14    xplib.dll           win10v2004-20221111-en
behavioral15    yhzj.exe            win7-20220812-en
behavioral16    yhzj.exe            win10v2004-20220812-en
General

Target: EChartBar.dll
Size: 111KB
MD5: c55a2f2a4eadd7b9d6dd69a285ba94c0
SHA1: 29896ead142ec1586c6679cbfad3b3915a0759e3
SHA256: 03e737400c0409bbda7f9a2c0c64de0ff66df611a2315b90264c0b502e38c37f
SHA512: bedb6f148578b02dfe66c5f32d1161e0ec671d0ceeb9e04c95e73a038faef9f57395e424c325b32db65c3248e9bfd1f5b9c4531a3002cc4f349b5f2e8e369b7d
SSDEEP: 3072:l88MbWhkWun5ldiKaYacPqLMfeooE79neT4x7:l88M6k7dzPacPgK5
Malware Config

(none)

Signatures

Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

Description                        PID    Process         Target process
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe
PID 780 wrote to memory of 1920    780    rundll32.exe    rundll32.exe