e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98

Submit
Reports

Overview

overview

Static

static

3km2-20120...��.chm

windows7-x64

3km2-20120...��.chm

windows10-2004-x64

3km2-20120...cn.url

windows7-x64

3km2-20120...cn.url

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...te.exe

windows7-x64

3km2-20120...te.exe

windows10-2004-x64

3km2-20120...rv.exe

windows7-x64

3km2-20120...rv.exe

windows10-2004-x64

3km2-20120...al.dll

windows7-x64

3km2-20120...al.dll

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...le.dll

windows7-x64

3km2-20120...le.dll

windows10-2004-x64

3km2-20120...te.exe

windows7-x64

3km2-20120...te.exe

windows10-2004-x64

3km2-20120...te.exe

windows7-x64

3km2-20120...te.exe

windows10-2004-x64

3km2-20120...��.exe

windows7-x64

3km2-20120...��.exe

windows10-2004-x64

3km2-20120...ne.exe

windows7-x64

3km2-20120...ne.exe

windows10-2004-x64

3km2-20120...��.bat

windows7-x64

3km2-20120...��.bat

windows10-2004-x64

3km2-20120...��.exe

windows7-x64

3km2-20120...��.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 14:41

Sharing

Copy URL

Twitter E-mail

Static task

static1

aspackv2 upx

2 signatures

Behavioral task

behavioral1

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe

Resource

win7-20220812-en

upx

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe

Resource

win10v2004-20221111-en

upx

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe

Resource

win7-20220812-en

bootkit evasion persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe

Resource

win10v2004-20220812-en

bootkit evasion persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll

Resource

win7-20221111-en

bootkit evasion persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral20

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll

Resource

win10v2004-20221111-en

bootkit evasion persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll
Size

708KB
MD5

8b1cc052a316b3d9c987638e090dc30c
SHA1

8a786247ed4b8e3b3b23894a40a2662bb6bb864b
SHA256

ec68caf90c61e2c3620154c562f306d3104c99855ee2d6cb40a390003cc21c13
SHA512

fd8f4f5f73756472268acff656b3064858d5dbd98643d2bac27eac4ac23ea51cae30bcabc3a209d466cec72c634e4de06f93345eae49d864e596a3a5c67f3674
SSDEEP

6144:wacWxKtTHt9kwZ7oCSr/eu+zYJfnWV3j8MXSnkxHepk1NHwgIDLL5fKH+c:wacWxoN9kwZMCl3j8xn0+pk15ghfKT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4524	4588	rundll32.exe	82
PID 4588 wrote to memory of 4524	4588	rundll32.exe	82
PID 4588 wrote to memory of 4524	4588	rundll32.exe	82

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3km2-20120528[1117]\3K20120528(0404)合击引擎\Mir200\IPLocal.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3km2-20120528[1117]\3K20120528(0404)合击引擎\Mir200\IPLocal.dll,#1
  2⤵
  PID:4524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4524-133-0x0000000002D40000-0x0000000002DA4000-memory.dmp

Filesize
400KB

Download
memory/4524-138-0x0000000002D41000-0x0000000002D76000-memory.dmp

Filesize
212KB

Download