Overview

overview

3

Static

static

3

QQ超级�...p1.dll

windows7-x64

3

QQ超级�...p1.dll

windows10-2004-x64

3

QQ超级�...xt.dll

windows7-x64

1

QQ超级�...xt.dll

windows10-2004-x64

1

QQ超级�...pt.dll

windows7-x64

1

QQ超级�...pt.dll

windows10-2004-x64

1

QQ超级�...ec.dll

windows7-x64

1

QQ超级�...ec.dll

windows10-2004-x64

1

QQ超级�...ib.dll

windows7-x64

1

QQ超级�...ib.dll

windows10-2004-x64

1

QQ超级�...��.url

windows7-x64

1

QQ超级�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QQ超级农民/dp1.dll

  • Size

    112KB

  • MD5

    6d4b2e73f6f8ecff02f19f7e8ef9a8c7

  • SHA1

    09c32ca167136a17fd69df8c525ea5ffeca6c534

  • SHA256

    fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040

  • SHA512

    2fd7a95cb632e9c4ac6b34e5b6b875aae94e73cd4b1f213e78f46dadab4846227a030776461bca08f9d75a1d61a0d45427f7b0c8b71406b7debc14db04b2ce04

  • SSDEEP

    1536:IxM5MufmW0C3flmskqT0qYvwDr3cFoWPrE:IxMmomWP3fQEFrsFoWT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\QQ超级农民\dp1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\QQ超级农民\dp1.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 224
        3⤵
        • Program crash
        PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads