Overview

Overall score: 8

Score  Target                   Platform
8      Static                   (static analysis)
1      河源下�...om.url          windows7-x64
1      河源下�...om.url          windows10-2004-x64
8      简單挂�...nj.dll          windows7-x64
8      简單挂�...nj.dll          windows10-2004-x64
8      简單挂�...ro.dll          windows7-x64
8      简單挂�...ro.dll          windows10-2004-x64
1      简單挂�...ip.dll          windows7-x64
3      简單挂�...ip.dll          windows10-2004-x64
8      简單挂�....0.exe          windows7-x64
8      简單挂�....0.exe          windows10-2004-x64
1      简單挂�...04.url          windows7-x64
1      简單挂�...04.url          windows10-2004-x64
1      简單挂�...om.url          windows7-x64
1      简單挂�...om.url          windows10-2004-x64
8      简單挂�...�1.exe          windows7-x64
8      简單挂�...�1.exe          windows10-2004-x64
7      简單挂�...��.exe          windows7-x64
6      简單挂�...��.exe          windows10-2004-x64

Analysis
max time kernel: 41s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 27-11-2022 20:18
Behavioral tasks

Task          Sample                                              Resource
behavioral1   河源下载站-xz7.com.url                               win7-20220901-en
behavioral2   河源下载站-xz7.com.url                               win10v2004-20220812-en
behavioral3   简單挂免曊版⒔1/SimpInj.dll                          win7-20220901-en
behavioral4   简單挂免曊版⒔1/SimpInj.dll                          win10v2004-20220812-en
behavioral5   简單挂免曊版⒔1/SimplePro.dll                        win7-20221111-en
behavioral6   简單挂免曊版⒔1/SimplePro.dll                        win10v2004-20221111-en
behavioral7   简單挂免曊版⒔1/zip.dll                              win7-20220812-en
behavioral8   简單挂免曊版⒔1/zip.dll                              win10v2004-20221111-en
behavioral9   简單挂免曊版⒔1/传奇通用变速器7.0.exe                 win7-20221111-en
behavioral10  简單挂免曊版⒔1/传奇通用变速器7.0.exe                 win10v2004-20221111-en
behavioral11  简單挂免曊版⒔1/在线咨询QQ:910001904.url              win7-20220812-en
behavioral12  简單挂免曊版⒔1/在线咨询QQ:910001904.url              win10v2004-20221111-en
behavioral13  简單挂免曊版⒔1/简单挂官网:s1904.com.url              win7-20221111-en
behavioral14  简單挂免曊版⒔1/简单挂官网:s1904.com.url              win10v2004-20220901-en
behavioral15  简單挂免曊版⒔1/简單挂免曊版⒔1.exe                   win7-20221111-en
behavioral16  简單挂免曊版⒔1/简單挂免曊版⒔1.exe                   win10v2004-20221111-en
behavioral17  简單挂免曊版⒔1/霸王恶魔.exe                          win7-20220901-en
behavioral18  简單挂免曊版⒔1/霸王恶魔.exe                          win10v2004-20220812-en
General

Target: 简單挂免曊版⒔1/SimpInj.dll
Size: 318KB
MD5: 537402ee556a3cd05552ec9a64a2ef07
SHA1: 12768e31c3268fc76c701bf128be96c946fef45a
SHA256: 2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
SHA512: a4bd2246726e4f425d1cd7e01e8e6a75bb41776b08c41c0c40314f36acd2d320dcbea4bd57cc4cf30d8931ddc9c996e76e884962ea0375b314fc491e56fa3a5d
SSDEEP: 6144:i6BDSXv3WyRljOpYwo+XqidUtmko1vMAvcvyEmut6R4gocnwgv/p+ZJN:i6BKWyRljgYUXqKomko1EzvM7nwGp+Zn
Malware Config
Signatures

vmprotect (yara rule match)
Resource                                                                   yara_rule
behavioral3/memory/1124-56-0x00000000752B0000-0x0000000075359000-memory.dmp  vmprotect
behavioral3/memory/1124-58-0x00000000752B0000-0x0000000075359000-memory.dmp  vmprotect

Suspicious use of WriteProcessMemory (7 IoCs)
Description                         PID   Process       Target process
PID 1492 wrote to memory of 1124    1492  rundll32.exe  rundll32.exe
(this same entry is recorded 7 times)
Downloads

File                                                                Filesize
memory/1124-54-0x0000000000000000-mapping.dmp
memory/1124-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp    8KB
memory/1124-56-0x00000000752B0000-0x0000000075359000-memory.dmp    676KB
memory/1124-58-0x00000000752B0000-0x0000000075359000-memory.dmp    676KB
memory/1124-59-0x0000000075360000-0x0000000075409000-memory.dmp    676KB