Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10-04-2024 14:46
Static task
static1
Behavioral task
behavioral1
Sample
客户端/20201108/D3DX81ab.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
客户端/20201108/D3DX81ab.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
客户端/20201108/libcro.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
客户端/20201108/libcro.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
客户端/20201108/管理程序.exe
Resource
win7-20240221-en
General
-
Target
客户端/20201108/libcro.dll
-
Size
74KB
-
MD5
eb21f4f06f900c89519ccf17a0ead35b
-
SHA1
ad30037f31f910ece2ba79fa30e55128d63059e6
-
SHA256
618e38e0e5ccdefbd4bc4987f60c40f1c2f733c2441ed2026d1530910d7196bd
-
SHA512
dd58edad7fdd0e8f352805f75bff7bfda1b016f0815b8df68b9947e456b47f140fc470dbf9ec37adc724601c27ca7276ba88bdc62573b44167bcd12c19cc482a
-
SSDEEP
1536:TW4k95Lkeu4BImLAEgioTc8AJsWjcd53aI/n5K:TWn5IyVGF53nc
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2368 wrote to memory of 2000 2368 rundll32.exe 28 PID 2368 wrote to memory of 2000 2368 rundll32.exe 28 PID 2368 wrote to memory of 2000 2368 rundll32.exe 28 PID 2368 wrote to memory of 2000 2368 rundll32.exe 28 PID 2368 wrote to memory of 2000 2368 rundll32.exe 28 PID 2368 wrote to memory of 2000 2368 rundll32.exe 28 PID 2368 wrote to memory of 2000 2368 rundll32.exe 28