Analysis
- max time kernel: 4s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 26-11-2022 22:41
Behavioral tasks
- behavioral1: sample hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/dm.dll, resource win7-20220901-en
- behavioral2: sample hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/dm.dll, resource win10v2004-20220812-en
- behavioral3: sample hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/jedata.dll, resource win7-20220812-en
- behavioral4: sample hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/jedata.dll, resource win10v2004-20220812-en
- behavioral5: sample hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/火线精英大主宰自�.exe, resource win7-20221111-en
- behavioral6: sample hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/火线精英大主宰自�.exe, resource win10v2004-20220812-en
- behavioral7: sample 新云软件.url, resource win7-20220812-en
- behavioral8: sample 新云软件.url, resource win10v2004-20220812-en
General
- Target: hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/jedata.dll
- Size: 86KB
- MD5: 114054313070472cd1a6d7d28f7c5002
- SHA1: 9a044986e6101df1a126035da7326a50c3fe9a23
- SHA256: e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1
- SHA512: a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522
- SSDEEP: 1536:0OYdF5pkapU0uz96DjsVgsIm65HPdOMpFQEMqUktZcNqLODRv7zFpl91nouy8jg:0HDp7pRuKjsir5HZFQGrsUwF7hplPouG
Malware Config
Signatures
- Processes: resource behavioral3/memory/948-56-0x0000000010000000-0x000000001003E000-memory.dmp, yara_rule upx
- Program crash (1 IoC)
  Processes: pid 1576 WerFault.exe, target pid 948 rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: pid 948 rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  - PID 1628 (rundll32.exe) wrote to memory of 948 (rundll32.exe), 7 times
  - PID 948 (rundll32.exe) wrote to memory of 1576 (WerFault.exe), 4 times
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\hxjydazhuzai\火线精英大主宰自动开枪脚本多分辨率支持V1.2\jedata.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\hxjydazhuzai\火线精英大主宰自动开枪脚本多分辨率支持V1.2\jedata.dll,#1
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 252
      - Program crash