Overview
overview
7Static
static
7155绿色�...��.url
windows7-x64
1155绿色�...��.url
windows10-2004-x64
1三好1010版.exe
windows7-x64
3三好1010版.exe
windows10-2004-x64
3$COMMONFIL...le.dll
windows7-x64
1$COMMONFIL...le.dll
windows10-2004-x64
1$COMMONFIL...AP.exe
windows7-x64
1$COMMONFIL...AP.exe
windows10-2004-x64
1$COMMONFIL...np.dll
windows7-x64
3$COMMONFIL...np.dll
windows10-2004-x64
3$COMMONFIL...el.dll
windows7-x64
1$COMMONFIL...el.dll
windows10-2004-x64
1$COMMONFIL...ll.dll
windows7-x64
1$COMMONFIL...ll.dll
windows10-2004-x64
1$COMMONFIL...yD.dll
windows7-x64
1$COMMONFIL...yD.dll
windows10-2004-x64
1$COMMONFIL...ve.dll
windows7-x64
1$COMMONFIL...ve.dll
windows10-2004-x64
1$COMMONFIL...ir.dll
windows7-x64
1$COMMONFIL...ir.dll
windows10-2004-x64
1$COMMONFIL...er.dll
windows7-x64
3$COMMONFIL...er.dll
windows10-2004-x64
3$COMMONFIL...op.dll
windows7-x64
1$COMMONFIL...op.dll
windows10-2004-x64
3$COMMONFIL...AC.dll
windows7-x64
1$COMMONFIL...AC.dll
windows10-2004-x64
1$COMMONFIL....0.dll
windows7-x64
1$COMMONFIL....0.dll
windows10-2004-x64
1$COMMONFIL...VC.dll
windows7-x64
1$COMMONFIL...VC.dll
windows10-2004-x64
1$COMMONFIL...CE.dll
windows7-x64
1$COMMONFIL...CE.dll
windows10-2004-x64
1Analysis
-
max time kernel
126s -
max time network
160s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
08/04/2024, 23:58
Behavioral task
behavioral1
Sample
155绿色软件站.url
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
155绿色软件站.url
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
三好1010版.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral4
Sample
三好1010版.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$COMMONFILES/PPLiveNetwork/MngModule.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
$COMMONFILES/PPLiveNetwork/MngModule.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$COMMONFILES/PPLiveNetwork/PPAP.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
$COMMONFILES/PPLiveNetwork/PPAP.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$COMMONFILES/PPLiveNetwork/kernel/FWUpnp.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
$COMMONFILES/PPLiveNetwork/kernel/FWUpnp.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$COMMONFILES/PPLiveNetwork/kernel/Hookkernel.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
$COMMONFILES/PPLiveNetwork/kernel/Hookkernel.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$COMMONFILES/PPLiveNetwork/kernel/PPHookShell.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
$COMMONFILES/PPLiveNetwork/kernel/PPHookShell.dll
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$COMMONFILES/PPLiveNetwork/kernel/VAProxyD.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
$COMMONFILES/PPLiveNetwork/kernel/VAProxyD.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$COMMONFILES/PPLiveNetwork/kernel/live/Live.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
$COMMONFILES/PPLiveNetwork/kernel/live/Live.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$COMMONFILES/PPLiveNetwork/kernel/live/mir.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
$COMMONFILES/PPLiveNetwork/kernel/live/mir.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$COMMONFILES/PPLiveNetwork/kernel/peer.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral22
Sample
$COMMONFILES/PPLiveNetwork/kernel/peer.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$COMMONFILES/PPLiveNetwork/kernel/sop.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
$COMMONFILES/PPLiveNetwork/kernel/sop.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$COMMONFILES/PPLiveNetwork/player/CoreAAC.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
$COMMONFILES/PPLiveNetwork/player/CoreAAC.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$COMMONFILES/PPLiveNetwork/player/CoreAVC.2.0.0.0.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
$COMMONFILES/PPLiveNetwork/player/CoreAVC.2.0.0.0.dll
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$COMMONFILES/PPLiveNetwork/player/CoreAVC.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
$COMMONFILES/PPLiveNetwork/player/CoreAVC.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$COMMONFILES/PPLiveNetwork/player/HTTP_ASF_SOURCE.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
$COMMONFILES/PPLiveNetwork/player/HTTP_ASF_SOURCE.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
$COMMONFILES/PPLiveNetwork/kernel/PPHookShell.dll
-
Size
241KB
-
MD5
f9b346bcfec4605755d4435e8eac34a1
-
SHA1
f694ece30381ca9dc37e18030454a56a737ce4a4
-
SHA256
e0596457bec914a3281ad614a23c1c3c11bd9c95ddabf090d68d3bca4854c92a
-
SHA512
60a17bd0b971690818b26e45ee8ca335e3b1820ac73d229f54b55b2e23acb051a45c00275a5ea1b35ac1caf2d1626fed34f0296fc8d7a41b0139b0aa0e226e7b
-
SSDEEP
3072:LZFvombK4A6NvgJvcYwUuSaEwTG4SJK7hqmYLzhJR7CIgNldwr73GPAG3StoIZTx:rKI5UcdUuSaEwa4S0qmATpHgNTljIBF
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2884 wrote to memory of 1568 2884 rundll32.exe 28 PID 2884 wrote to memory of 1568 2884 rundll32.exe 28 PID 2884 wrote to memory of 1568 2884 rundll32.exe 28 PID 2884 wrote to memory of 1568 2884 rundll32.exe 28 PID 2884 wrote to memory of 1568 2884 rundll32.exe 28 PID 2884 wrote to memory of 1568 2884 rundll32.exe 28 PID 2884 wrote to memory of 1568 2884 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\PPLiveNetwork\kernel\PPHookShell.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2884 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\PPLiveNetwork\kernel\PPHookShell.dll,#12⤵PID:1568
-