Analysis
Max time kernel: 132s
Max time network: 101s
Platform: windows10-2004_x64
Resource: win10v2004-20240419-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 07-05-2024 11:52
Behavioral tasks
behavioral1
  Sample: 恋雪系统变速器 1.4 Beta2/lxspeed.dll
  Resource: win7-20240221-en
behavioral2
  Sample: 恋雪系统变速器 1.4 Beta2/lxspeed.dll
  Resource: win10v2004-20240419-en
behavioral3
  Sample: 恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe
  Resource: win7-20240221-en
behavioral4
  Sample: 恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe
  Resource: win10v2004-20240419-en
behavioral5
  Sample: 恋雪系统变速器 1.4 Beta2/红豆软件站.url
  Resource: win7-20231129-en
behavioral6
  Sample: 恋雪系统变速器 1.4 Beta2/红豆软件站.url
  Resource: win10v2004-20240419-en
General
Target: 恋雪系统变速器 1.4 Beta2/lxspeed.dll
Size: 103KB
MD5: 8005750ec63eb5292884ad6183ae2e77
SHA1: c83e31655e271cd9ef5bff62b10f8d51eb3ebf29
SHA256: df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15
SHA512: febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206
SSDEEP: 3072:75yP416sLgrTWiKc0rUH9rRq/SJIJmECqc2QOeH:czsMH0Yl2QE3zY
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description                         pid   process       target process
  PID 3048 wrote to memory of 4820    3048  rundll32.exe  rundll32.exe
  PID 3048 wrote to memory of 4820    3048  rundll32.exe  rundll32.exe
  PID 3048 wrote to memory of 4820    3048  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\恋雪系统变速器 1.4 Beta2\lxspeed.dll",#1
   PID: 3048
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\恋雪系统变速器 1.4 Beta2\lxspeed.dll",#1
      PID: 4820