Analysis
- max time kernel: 158s
- max time network: 176s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-05-2024 00:06
Behavioral task | Sample | Resource
behavioral1 | MirServer/GameLog/LogDataSrv/LogDataServer.exe | win7-20240221-en
behavioral2 | MirServer/GameLog/LogDataSrv/LogDataServer.exe | win10v2004-20240508-en
behavioral3 | MirServer/Gate_Server/LoginGate/LoginGate.exe | win7-20240220-en
behavioral4 | MirServer/Gate_Server/LoginGate/LoginGate.exe | win10v2004-20240508-en
behavioral5 | MirServer/Gate_Server/RunGate/RunGate.exe | win7-20240215-en
behavioral6 | MirServer/Gate_Server/RunGate/RunGate.exe | win10v2004-20240426-en
behavioral7 | MirServer/Gate_Server/SelChrGate/Gate30.exe | win7-20240508-en
behavioral8 | MirServer/Gate_Server/SelChrGate/Gate30.exe | win10v2004-20240508-en
behavioral9 | MirServer/Mir200/M2Server.exe | win7-20240221-en
behavioral10 | MirServer/Mir200/M2Server.exe | win10v2004-20240226-en
behavioral11 | MirServer/Mir200/Mir.exe | win7-20240220-en
behavioral12 | MirServer/Mir200/Mir.exe | win10v2004-20240508-en
behavioral13 | MirServer/Mud2/DBSrv200/DBServer.exe | win7-20240508-en
behavioral14 | MirServer/Mud2/DBSrv200/DBServer.exe | win10v2004-20240508-en
behavioral15 | MirServer/Mud2/LogSrv/LoginSrv.exe | win7-20240221-en
behavioral16 | MirServer/Mud2/LogSrv/LoginSrv.exe | win10v2004-20240426-en
behavioral17 | MirServer/上万免费版本下载基地.url | win7-20240215-en
behavioral18 | MirServer/上万免费版本下载基地.url | win10v2004-20240508-en
behavioral19 | MirServer/我本沉默传奇启动程序.exe | win7-20231129-en
behavioral20 | MirServer/我本沉默传奇启动程序.exe | win10v2004-20240508-en
behavioral21 | MirServer/我本沉默配套登陆器/我本沉默.exe | win7-20240221-en
behavioral22 | MirServer/我本沉默配套登陆器/我本沉默.exe | win10v2004-20240226-en
behavioral23 | MirServer/说明文件/版本历史.html | win7-20240419-en
behavioral24 | MirServer/说明文件/版本历史.html | win10v2004-20240508-en
General
- Target: MirServer/我本沉默配套登陆器/我本沉默.exe
- Size: 1.2MB
- MD5: 7132282a46f0b0976785cbb0be6fcfaf
- SHA1: 97bd5dac791a677e2dce3966e82f6522fc1bae00
- SHA256: 1db273a560bc26111eea32f0a85669f7d2650bb57ad2daffc80777e419655eb0
- SHA512: 69eab997bca6fd5dd86d44afd315c0b3b558658c4d119eea6e223e4dbfc479e391bc79fb76a2c0e6737c42ce4e37bbe2735c6730ca4094dc24d72bfd73069b4a
- SSDEEP: 24576:7B4YhqjMuhEAJjvsmJlDFT/Ya9zWMmkl9RKxRSfcFPVL7Pd:7BPyEqkmJlhTX9mwYtJPd
Malware Config
Signatures
- Suspicious use of FindShellTrayWindow (64 IoCs): pid 1916, process 我本沉默.exe
- Suspicious use of SendNotifyMessage (64 IoCs): pid 1916, process 我本沉默.exe
- Suspicious use of SetWindowsHookEx (2 IoCs): pid 1916, process 我本沉默.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\MirServer\我本沉默配套登陆器\我本沉默.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MirServer\我本沉默配套登陆器\我本沉默.exe"
  PID: 1916
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4008 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
  PID: 1980