Analysis
- max time kernel: 243s
- max time network: 296s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-11-2022 22:47
Behavioral tasks
- behavioral1: sample Usp10.dll, resource win7-20221111-en
- behavioral2: sample Usp10.dll, resource win10v2004-20221111-en
- behavioral3: sample qqmsgsee.exe, resource win7-20220901-en
- behavioral4: sample qqmsgsee.exe, resource win10v2004-20220812-en
- behavioral5: sample 使用必读.url, resource win7-20220901-en
- behavioral6: sample 使用必读.url, resource win10v2004-20220901-en
- behavioral7: sample 华彩软件站.url, resource win7-20221111-en
- behavioral8: sample 华彩软件站.url, resource win10v2004-20221111-en
General
- Target: Usp10.dll
- Size: 88KB
- MD5: 28d0bdf6fa32d1988d9cdbf36f1348ee
- SHA1: d7b11d199ac0449c179af499bfc9ed3be5eb8eba
- SHA256: e79f6892804c7e18e827416389931b12061b2d1b568944d19c1175d6d3d9e7b4
- SHA512: fac7e4cd5b4679661486b22135ff5e8877fe4371c2c37bae2f77b31bdf799e9f89a249e51fc75dffd751bb762f9ca59acb10c436decfb5e4f2b5adcc4451ba0a
- SSDEEP: 1536:68No8xdIQi/qBAzCvbO6qU7SqAkx/PB60d7QCQcljUhJ8LDiJOfKaNVtBDVPR2oH:6/8Hi/qi5xOnxxd79Q4juGAOSk/ZVPRT
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
- description: PID 1320 wrote to memory of 5036; pid: 1320; process: rundll32.exe; target process: rundll32.exe
- description: PID 1320 wrote to memory of 5036; pid: 1320; process: rundll32.exe; target process: rundll32.exe
- description: PID 1320 wrote to memory of 5036; pid: 1320; process: rundll32.exe; target process: rundll32.exe