Analysis

  • max time kernel
    151s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 07:41

General

  • Target

    lolyhzs_veryhuo.com/LOL优化助手1.6.exe

  • Size

    232KB

  • MD5

    0ce444b7040376dc87a6f66e3ec1c0dc

  • SHA1

    6e173dab062c3f84c09f5720685a81d1abfba9f4

  • SHA256

    f98ae7312370270026f36e391598c95a2adc113cccd4b89074e1a7a4d62c1d11

  • SHA512

    60cdaf2ac959b6f3add5e3306bc4f5e5193c3a2dae691f46601d744914a3780012bb6ba755ec681cf796c8fd77a2a3496f7d8d27788359d6fd815e207d358efd

  • SSDEEP

    6144:1dxTiFO8HOpLD7FYQ7wxU6QQooedJrMjqX1waewxPbEMVZ2:578HEFYQv6QXoedNoqGnMVw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 59 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lolyhzs_veryhuo.com\LOL优化助手1.6.exe
    "C:\Users\Admin\AppData\Local\Temp\lolyhzs_veryhuo.com\LOL优化助手1.6.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\SRF.dll

    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

  • \Windows\SysWOW64\SRF.dll

    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

  • \Windows\SysWOW64\SRF.dll

    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

  • \Windows\SysWOW64\SRF.dll

    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

  • \Windows\SysWOW64\SRF.dll

    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

  • memory/1896-54-0x0000000075201000-0x0000000075203000-memory.dmp

    Filesize

    8KB