Overview
overview
10Static
static
10lolyhzs_ve...py.dll
windows7-x64
10lolyhzs_ve...py.dll
windows10-2004-x64
10lolyhzs_ve....6.exe
windows7-x64
7lolyhzs_ve....6.exe
windows10-2004-x64
7lolyhzs_ve...KT.dll
windows7-x64
8lolyhzs_ve...KT.dll
windows10-2004-x64
1lolyhzs_ve...ss.exe
windows7-x64
1lolyhzs_ve...ss.exe
windows10-2004-x64
1lolyhzs_ve...��.url
windows7-x64
1lolyhzs_ve...��.url
windows10-2004-x64
Analysis
-
max time kernel
42s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
26-11-2022 07:41
Behavioral task
behavioral1
Sample
lolyhzs_veryhuo.com/Copy.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
lolyhzs_veryhuo.com/Copy.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
lolyhzs_veryhuo.com/LOL优化助手1.6.exe
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
lolyhzs_veryhuo.com/LOL优化助手1.6.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
lolyhzs_veryhuo.com/SKT.dll
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
lolyhzs_veryhuo.com/SKT.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
lolyhzs_veryhuo.com/process.exe
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
lolyhzs_veryhuo.com/process.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
lolyhzs_veryhuo.com/最火软件站.url
Resource
win7-20221111-en
Behavioral task
behavioral10
Sample
lolyhzs_veryhuo.com/最火软件站.url
Resource
win10v2004-20220812-en
General
-
Target
lolyhzs_veryhuo.com/SKT.dll
-
Size
99KB
-
MD5
6c4680f6a837be4452fdc956dc3cb94a
-
SHA1
b3c09ca7bace0f306be095de956a165562c4c71c
-
SHA256
0f0b84c97a667ed614cdeaca5afdb6a1742438a262ba926e9320039c4c97cd0b
-
SHA512
6d1b6ddaff443935a8c221b9bc9e9bbf568078ea7b75262b52da2e06f7ab8f8ec19120e0511211e3725026683f8d294ac4fe175a21d4182a1da563cf6b755614
-
SSDEEP
1536:iKc9rgArUR/fzxFpjPhFFwwAhteeLceTay6oYrGKQ9c10H7IgKVqq0n:iKoUp9FprhFFwwk0N3oYr1QPEfVqX
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral5/memory/1696-56-0x0000000010000000-0x0000000010029000-memory.dmp vmprotect -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe PID 1744 wrote to memory of 1696 1744 rundll32.exe rundll32.exe