e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3km2-20120...��.chm

windows7-x64

3km2-20120...��.chm

windows10-2004-x64

3km2-20120...cn.url

windows7-x64

3km2-20120...cn.url

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...te.exe

windows7-x64

3km2-20120...te.exe

windows10-2004-x64

3km2-20120...rv.exe

windows7-x64

3km2-20120...rv.exe

windows10-2004-x64

3km2-20120...al.dll

windows7-x64

3km2-20120...al.dll

windows10-2004-x64

3km2-20120...er.exe

windows7-x64

3km2-20120...er.exe

windows10-2004-x64

3km2-20120...le.dll

windows7-x64

3km2-20120...le.dll

windows10-2004-x64

3km2-20120...te.exe

windows7-x64

3km2-20120...te.exe

windows10-2004-x64

3km2-20120...te.exe

windows7-x64

3km2-20120...te.exe

windows10-2004-x64

3km2-20120...��.exe

windows7-x64

3km2-20120...��.exe

windows10-2004-x64

3km2-20120...ne.exe

windows7-x64

3km2-20120...ne.exe

windows10-2004-x64

3km2-20120...��.bat

windows7-x64

3km2-20120...��.bat

windows10-2004-x64

3km2-20120...��.exe

windows7-x64

3km2-20120...��.exe

windows10-2004-x64

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 14:41

Sharing

Copy URL

Twitter E-mail

Static task

static1

aspackv2 upx

2 signatures

Behavioral task

behavioral1

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe

Resource

win7-20220812-en

upx

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe

Resource

win10v2004-20221111-en

upx

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe

Resource

win7-20220812-en

bootkit evasion persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe

Resource

win10v2004-20220812-en

bootkit evasion persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll

Resource

win7-20221111-en

bootkit evasion persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral20

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll

Resource

win10v2004-20221111-en

bootkit evasion persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe
Size

406KB
MD5

a89c4a9a2f623c0fdd6c9fea68735bb3
SHA1

b012a26192769a56a92446d820b06c902b06b08a
SHA256

7f76aa96812819466576b11711efefb0b4e52be89b4e7c4b02cad717c6ae960a
SHA512

fed6f747bbcea8ef611547db973dad24952e77dad4deb483e68de1ca77bc066cec9fe4fef9c96cbe19bb54c79c6950d434030ab30539e7224e0bf1b4f93b8ba8
SSDEEP

12288:r39e2xgs3C9DOqLoBXkoXfp6gmplCMMVo:rNvxgs0DzoBBogGM+

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\3km2-20120528[1117]\3K20120528(0404)合击引擎\副将数据转换.exe
"C:\Users\Admin\AppData\Local\Temp\3km2-20120528[1117]\3K20120528(0404)合击引擎\副将数据转换.exe"
1⤵
PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4260-132-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4260-133-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download