Task | Platform | Score
Overview | | 10
Static | | 8
MirServer/...er.exe | windows7-x64 | 1
MirServer/...er.exe | windows10-2004-x64 | 1
MirServer/...pk.dll | windows7-x64 | 8
MirServer/...pk.dll | windows10-2004-x64 | 8
MirServer/...er.exe | windows7-x64 | 1
MirServer/...er.exe | windows10-2004-x64 | 1
MirServer/...er.exe | windows7-x64 | 1
MirServer/...er.exe | windows10-2004-x64 | 1
MirServer/...pk.dll | windows7-x64 | 8
MirServer/...pk.dll | windows10-2004-x64 | 8
MirServer/...te.exe | windows7-x64 | 1
MirServer/...te.exe | windows10-2004-x64 | 1
MirServer/...pk.dll | windows7-x64 | 8
MirServer/...pk.dll | windows10-2004-x64 | 8
MirServer/...rv.exe | windows7-x64 | 1
MirServer/...rv.exe | windows10-2004-x64 | 1
MirServer/...pk.dll | windows7-x64 | 8
MirServer/...pk.dll | windows10-2004-x64 | 8
MirServer/...TL.dll | windows7-x64 | 1
MirServer/...TL.dll | windows10-2004-x64 | 1
MirServer/...al.dll | windows7-x64 | 1
MirServer/...al.dll | windows10-2004-x64 | 1
MirServer/...er.exe | windows7-x64 | 6
MirServer/...er.exe | windows10-2004-x64 | 5
MirServer/...xe.lnk | windows7-x64 | 3
MirServer/...xe.lnk | windows10-2004-x64 | 3
MirServer/...pk.dll | windows7-x64 |
MirServer/...pk.dll | windows10-2004-x64 | 1
MirServer/...��.htm | windows7-x64 | 10
MirServer/...��.htm | windows10-2004-x64 | 10
MirServer/...te.exe | windows7-x64 | 1
MirServer/...te.exe | windows10-2004-x64 | 3
Analysis
max time kernel: 76s
max time network: 179s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 25-11-2022 23:56
Behavioral task | Sample | Resource
behavioral1 | MirServer/DBServer/DBServer.exe | win7-20221111-en
behavioral2 | MirServer/DBServer/DBServer.exe | win10v2004-20220812-en
behavioral3 | MirServer/DBServer/lpk.dll | win7-20220812-en
behavioral4 | MirServer/DBServer/lpk.dll | win10v2004-20221111-en
behavioral5 | MirServer/GameCenter.exe | win7-20220812-en
behavioral6 | MirServer/GameCenter.exe | win10v2004-20221111-en
behavioral7 | MirServer/LogServer/LogDataServer.exe | win7-20221111-en
behavioral8 | MirServer/LogServer/LogDataServer.exe | win10v2004-20221111-en
behavioral9 | MirServer/LogServer/lpk.dll | win7-20221111-en
behavioral10 | MirServer/LogServer/lpk.dll | win10v2004-20221111-en
behavioral11 | MirServer/LoginGate/LoginGate.exe | win7-20221111-en
behavioral12 | MirServer/LoginGate/LoginGate.exe | win10v2004-20220812-en
behavioral13 | MirServer/LoginGate/lpk.dll | win7-20221111-en
behavioral14 | MirServer/LoginGate/lpk.dll | win10v2004-20221111-en
behavioral15 | MirServer/LoginSrv/LoginSrv.exe | win7-20221111-en
behavioral16 | MirServer/LoginSrv/LoginSrv.exe | win10v2004-20221111-en
behavioral17 | MirServer/LoginSrv/lpk.dll | win7-20221111-en
behavioral18 | MirServer/LoginSrv/lpk.dll | win10v2004-20221111-en
behavioral19 | MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.dll | win7-20220901-en
behavioral20 | MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.dll | win10v2004-20220812-en
behavioral21 | MirServer/Mir200/IPLocal.dll | win7-20220812-en
behavioral22 | MirServer/Mir200/IPLocal.dll | win10v2004-20221111-en
behavioral23 | MirServer/Mir200/M2Server.exe | win7-20220812-en
behavioral24 | MirServer/Mir200/M2Server.exe | win10v2004-20220812-en
behavioral25 | MirServer/Mir200/M2Server.exe.lnk | win7-20220901-en
behavioral26 | MirServer/Mir200/M2Server.exe.lnk | win10v2004-20220812-en
behavioral27 | MirServer/Mir200/lpk.dll | win7-20221111-en
behavioral28 | MirServer/Mir200/lpk.dll | win10v2004-20221111-en
behavioral29 | MirServer/Readme-˵.htm | win7-20220901-en
behavioral30 | MirServer/Readme-˵.htm | win10v2004-20220901-en
behavioral31 | MirServer/RunGate/RunGate.exe | win7-20220901-en
behavioral32 | MirServer/RunGate/RunGate.exe | win10v2004-20221111-en
General
Target: MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.dll
Size: 1.0MB
MD5: f7bbb7d79adb9e3adc13f3b3c33d3d4d
SHA1: cacb4b31d22419e6a9ddbffcf61ae42da0d5fb8a
SHA256: 18a83d7a420a17fcb6f56eb3ba5362c975d32e5ded7553c6fd407f07bdb7b006
SHA512: 4870ddbdf283d7f7f64d3f4bf556600a78804f6a94fc2ca7eb778e85d70b6d2d017aa35cbddf773b6a1b6d9a2813cd67fe54ede7859050a254a3e3c05616ae0e
SSDEEP: 24576:mnt4M/pL1wAEIqSBanK6CC33VTj+1R8xRFLqqmbD1kWIAqPA:mPL15EIqS1e6q3FmKbt4
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: regsvr32.exe
description | pid | process | target process
PID 632 wrote to memory of 4796 | 632 | regsvr32.exe | regsvr32.exe
PID 632 wrote to memory of 4796 | 632 | regsvr32.exe | regsvr32.exe
PID 632 wrote to memory of 4796 | 632 | regsvr32.exe | regsvr32.exe
Processes
C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\Envir\QuestDiary\16sky.com\ţţ\MSCOMCTL.dll
  Suspicious use of WriteProcessMemory
  PID: 632
  C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\Envir\QuestDiary\16sky.com\ţţ\MSCOMCTL.dll
    PID: 4796
Downloads
memory/4796-132-0x0000000000000000-mapping.dmp