Overview (score 9)
Static (score 9)
Behavioral task scores (target, platform: score):
- 旺旺群…EL.dll, windows7-x64: 8
- 旺旺群…EL.dll, windows10-2004-x64: 8
- 旺旺群…bh.dll, windows7-x64: 1
- 旺旺群…bh.dll, windows10-2004-x64: 1
- 旺旺群…le.dll, windows7-x64: 1
- 旺旺群…le.dll, windows10-2004-x64: 3
- 旺旺群….url, windows7-x64: 1
- 旺旺群….url, windows10-2004-x64: 1
- 旺旺群….0.exe, windows7-x64: 8
- 旺旺群….0.exe, windows10-2004-x64: 8
- 旺旺群…ch.exe, windows7-x64: 1
- 旺旺群…ch.exe, windows10-2004-x64: 1
- 旺旺群….doc, windows7-x64: 4
- 旺旺群….doc, windows10-2004-x64: 1
- 最牛的….url, windows7-x64: 1
- 最牛的….url, windows10-2004-x64: 1
Analysis
- max time kernel: 190s
- max time network: 224s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-11-2022 16:40
Behavioral tasks (task: sample, resource)
- behavioral1: 旺旺群发E客服版/SkinH_EL.dll, win7-20221111-en
- behavioral2: 旺旺群发E客服版/SkinH_EL.dll, win10v2004-20221111-en
- behavioral3: 旺旺群发E客服版/dxwl_bh.dll, win7-20221111-en
- behavioral4: 旺旺群发E客服版/dxwl_bh.dll, win10v2004-20221111-en
- behavioral5: 旺旺群发E客服版/handle.dll, win7-20221111-en
- behavioral6: 旺旺群发E客服版/handle.dll, win10v2004-20221111-en
- behavioral7: 旺旺群发E客服版/安装前必看.url, win7-20220812-en
- behavioral8: 旺旺群发E客服版/安装前必看.url, win10v2004-20221111-en
- behavioral9: 旺旺群发E客服版/旺旺群发E客服版V1.0.exe, win7-20220812-en
- behavioral10: 旺旺群发E客服版/旺旺群发E客服版V1.0.exe, win10v2004-20221111-en
- behavioral11: 旺旺群发E客服版/旺旺群发E客服版V1.0_Patch.exe, win7-20221111-en
- behavioral12: 旺旺群发E客服版/旺旺群发E客服版V1.0_Patch.exe, win10v2004-20221111-en
- behavioral13: 旺旺群发E客服版/群发帮助说明.doc, win7-20220812-en
- behavioral14: 旺旺群发E客服版/群发帮助说明.doc, win10v2004-20220812-en
- behavioral15: 最牛的单机游戏下载网站.url, win7-20220812-en
- behavioral16: 最牛的单机游戏下载网站.url, win10v2004-20220812-en
General
- Target: 旺旺群发E客服版/handle.dll
- Size: 660KB
- MD5: 867cfc1a9f60aebe95aaa38f6f88b2ed
- SHA1: f1a5efb7c9f1464f0542d1f96c3a78f2bc70e57d
- SHA256: b4141e80b17c71111c0ff1ba92c47e6522625a351aa47c89bbf88f7aaa83c6e2
- SHA512: 9cf5cb481f79596428acc237be4fe850815f6d95e31472b08790145946a86e41d35c2d16ab85f95edbf9fa191a4f6bff2ab6a45bef18ee4294de48f035f1ca27
- SSDEEP: 6144:YG5utRSOTufCmLjHkoP6crCFhPLfi1RgK9X/cTJ48FkDBwIBOIvSRTA/TpBAoTXg:Y3tRuCa3P6cr2h89k/kDxBDv7s
Malware Config
Signatures
- Program crash (2 IoCs)
  Processes (pid, pid_target, process, target process):
  - 2964, 4104, WerFault.exe, rundll32.exe
  - 3996, 4104, WerFault.exe, rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes (pid, process):
  - 4104, rundll32.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes (description, pid, process, target process):
  - PID 1316 wrote to memory of 4104, 1316, rundll32.exe, rundll32.exe
  - PID 1316 wrote to memory of 4104, 1316, rundll32.exe, rundll32.exe
  - PID 1316 wrote to memory of 4104, 1316, rundll32.exe, rundll32.exe
  - PID 4104 wrote to memory of 2964, 4104, rundll32.exe, WerFault.exe
  - PID 4104 wrote to memory of 2964, 4104, rundll32.exe, WerFault.exe
  - PID 4104 wrote to memory of 2964, 4104, rundll32.exe, WerFault.exe
Processes (process tree; nesting shows parent/child)
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\旺旺群发E客服版\handle.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\旺旺群发E客服版\handle.dll,#1
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 692
      - Program crash
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 692
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4104 -ip 4104