Analysis
- max time kernel: 48s
- max time network: 32s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 26-11-2022 16:40
Behavioral tasks (task: sample, resource)
- behavioral1: 旺旺群发E客服版/SkinH_EL.dll, win7-20221111-en
- behavioral2: 旺旺群发E客服版/SkinH_EL.dll, win10v2004-20221111-en
- behavioral3: 旺旺群发E客服版/dxwl_bh.dll, win7-20221111-en
- behavioral4: 旺旺群发E客服版/dxwl_bh.dll, win10v2004-20221111-en
- behavioral5: 旺旺群发E客服版/handle.dll, win7-20221111-en
- behavioral6: 旺旺群发E客服版/handle.dll, win10v2004-20221111-en
- behavioral7: 旺旺群发E客服版/安装前必看.url, win7-20220812-en
- behavioral8: 旺旺群发E客服版/安装前必看.url, win10v2004-20221111-en
- behavioral9: 旺旺群发E客服版/旺旺群发E客服版V1.0.exe, win7-20220812-en
- behavioral10: 旺旺群发E客服版/旺旺群发E客服版V1.0.exe, win10v2004-20221111-en
- behavioral11: 旺旺群发E客服版/旺旺群发E客服版V1.0_Patch.exe, win7-20221111-en
- behavioral12: 旺旺群发E客服版/旺旺群发E客服版V1.0_Patch.exe, win10v2004-20221111-en
- behavioral13: 旺旺群发E客服版/群发帮助说明.doc, win7-20220812-en
- behavioral14: 旺旺群发E客服版/群发帮助说明.doc, win10v2004-20220812-en
- behavioral15: 最牛的单机游戏下载网站.url, win7-20220812-en
- behavioral16: 最牛的单机游戏下载网站.url, win10v2004-20220812-en
General
- Target: 旺旺群发E客服版/dxwl_bh.dll
- Size: 62KB
- MD5: 9435c644ce28db438c050ebe544a0f0b
- SHA1: 882aa056c8dfb724b34037c95f7fd9f4ea59ecbd
- SHA256: ca34dad6b2d447010c4436fb16a6ded53e9ee8111d0f6dad6359fc8717f5a24e
- SHA512: 222e5a7bb20965188962638b7ca1022a0fb0752ce181025615fcdec1e7447dde51d4cd946d0d68bcd270e8f21dacfea49b605c47b9b5b67bdcae1560219ea0d7
- SSDEEP: 768:xc3Vd8JIHm7urOgDrisnJmpu2uwh6dNt63r3jgr7ttOu6WPUHANCDXnkh99d+5:WFdHH9buQVq8w3jgPtv68Un6M5
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe
  PID 1508 wrote to memory of 1552 | 1508 | rundll32.exe | rundll32.exe