ca3c6aa65d838e2164af3b43a370e35dadd96938d8da0347cffe30cfa19cb3f3

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lolyhzs_veryhuo.com/LOL优化助手1.6.exe
Size

232KB
MD5

0ce444b7040376dc87a6f66e3ec1c0dc
SHA1

6e173dab062c3f84c09f5720685a81d1abfba9f4
SHA256

f98ae7312370270026f36e391598c95a2adc113cccd4b89074e1a7a4d62c1d11
SHA512

60cdaf2ac959b6f3add5e3306bc4f5e5193c3a2dae691f46601d744914a3780012bb6ba755ec681cf796c8fd77a2a3496f7d8d27788359d6fd815e207d358efd
SSDEEP

6144:1dxTiFO8HOpLD7FYQ7wxU6QQooedJrMjqX1waewxPbEMVZ2:578HEFYQv6QXoedNoqGnMVw

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

LOL优化助手1.6.exe

pid process

768 LOL优化助手1.6.exe
Drops file in System32 directory 1 IoCs

Processes:

LOL优化助手1.6.exe

description ioc process

File created C:\Windows\SysWOW64\SRF.dll LOL优化助手1.6.exe

description	ioc	process
File created	C:\Windows\SysWOW64\SRF.dll	LOL优化助手1.6.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

LOL优化助手1.6.exe

pid	process
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe
768	LOL优化助手1.6.exe

C:\Users\Admin\AppData\Local\Temp\lolyhzs_veryhuo.com\LOL优化助手1.6.exe
"C:\Users\Admin\AppData\Local\Temp\lolyhzs_veryhuo.com\LOL优化助手1.6.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\SRF.dll

Filesize
52KB

MD5
b60da4e2e5aceba3ce3d87ee2cd872ee

SHA1
9bbdbf1f3ce2c000a86e0473da756a4b1031db41

SHA256
b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

SHA512
664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

Download Submit