Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/01/2024, 09:55

General

  • Target

    GongShaFuZhu13/【x1】攻沙辅助/plugin/READ.dll

  • Size

    1.1MB

  • MD5

    daa9fd7d53682402007b0c23d53d8388

  • SHA1

    4e2fe5e848d1c45896d5c7ed9b910c511c60c5d2

  • SHA256

    1b0d6b44500e8fd35eed25b6951689e32b69dfc722459dcad71c252d2117dfae

  • SHA512

    57bf5971b2ad33aa3d8b62184bd43e09bf40d0c798e7455438d36e947f55c4cfd1108555994b84d57dbff7d88c853d5541c9e25ca6ee25f0d755cbab1ea396f3

  • SSDEEP

    24576:Am3S712XoymTONjtHmT6klfan//UbU9Gz:H1jtM+/Ubhz

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\GongShaFuZhu13\【x1】攻沙辅助\plugin\READ.dll,#1
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1856
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\GongShaFuZhu13\【x1】攻沙辅助\plugin\READ.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072

Network

MITRE ATT&CK Matrix