Overview
overview
3Static
static
3mtkjw/HtmlView.dll
windows7-x64
1mtkjw/HtmlView.dll
windows10-2004-x64
1mtkjw/eAPI.dll
windows7-x64
1mtkjw/eAPI.dll
windows10-2004-x64
1mtkjw/iext.dll
windows7-x64
1mtkjw/iext.dll
windows10-2004-x64
1mtkjw/vclbase.dll
windows7-x64
1mtkjw/vclbase.dll
windows10-2004-x64
1mtkjw/必�...��.htm
windows7-x64
1mtkjw/必�...��.htm
windows10-2004-x64
1mtkjw/手�....0.exe
windows7-x64
1mtkjw/手�....0.exe
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
24/12/2023, 14:44
Static task
static1
Behavioral task
behavioral1
Sample
mtkjw/HtmlView.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
mtkjw/HtmlView.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
mtkjw/eAPI.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
mtkjw/eAPI.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
mtkjw/iext.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
mtkjw/iext.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
mtkjw/vclbase.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
mtkjw/vclbase.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
mtkjw/必看说明.htm
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
mtkjw/必看说明.htm
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
mtkjw/手机多功能定位监听终端系统R6.0.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
mtkjw/手机多功能定位监听终端系统R6.0.exe
Resource
win10v2004-20231222-en
General
-
Target
mtkjw/vclbase.dll
-
Size
876KB
-
MD5
aa4bb917ec754f0ce3a4cd90ace78ba6
-
SHA1
2be0c5d7a56529f7f838f7bea04ad6283355a9bf
-
SHA256
5b5184fb881e7bc95de31a510218ba06affb1e52c9593ae53c69388a285ff912
-
SHA512
c97c23e01bf27c76865ea6c44c0b64fc24598b92a619402516133b1c7536a44757934626711355ac173e085f34e70dae1aab85afbc61fb2ba853d44793270009
-
SSDEEP
12288:gmRfF8e019spmHcya1HH40sZ+IKjBTLb1Tw3oDp2rIaHVLcEgrobz+O:bBcspbY0sY1Vr1T4q2rI8N4ro
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1088 wrote to memory of 3284 1088 rundll32.exe 87 PID 1088 wrote to memory of 3284 1088 rundll32.exe 87 PID 1088 wrote to memory of 3284 1088 rundll32.exe 87