Analysis

Max time kernel: 119s
Max time network: 120s
Platform: windows7_x64
Resource: win7-20231129-en
Resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
Submitted: 16-05-2024 15:15
Behavioral tasks

Each file in the archive was run once on Windows 7 x64 and once on Windows 10 2004 x64. The directory name 4399生死狙击刷金币修改器 means, roughly, "4399 生死狙击 gold-coin farming modifier" (a cheat/trainer for a 4399.com game); 使用说明.url is "usage instructions" and 极速软件下载.url is "fast software download".

behavioral1:  4399生死狙击刷金币修改器/4399生死狙击刷金币修改器.exe  (resource win7-20231129-en)
behavioral2:  4399生死狙击刷金币修改器/4399生死狙击刷金币修改器.exe  (resource win10v2004-20240426-en)
behavioral3:  4399生死狙击刷金币修改器/s_ju/asmls/Dir.dll  (resource win7-20240221-en)
behavioral4:  4399生死狙击刷金币修改器/s_ju/asmls/Dir.dll  (resource win10v2004-20240226-en)
behavioral5:  4399生死狙击刷金币修改器/s_ju/asmls/Dnz_30.dll  (resource win7-20240221-en)
behavioral6:  4399生死狙击刷金币修改器/s_ju/asmls/Dnz_30.dll  (resource win10v2004-20240426-en)
behavioral7:  4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe  (resource win7-20231129-en)
behavioral8:  4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe  (resource win10v2004-20240508-en)
behavioral9:  4399生死狙击刷金币修改器/s_ju/down_01/Basement.dll  (resource win7-20240215-en)
behavioral10: 4399生死狙击刷金币修改器/s_ju/down_01/Basement.dll  (resource win10v2004-20240426-en)
behavioral11: 使用说明.url  (resource win7-20240221-en)
behavioral12: 使用说明.url  (resource win10v2004-20240508-en)
behavioral13: 极速软件下载.url  (resource win7-20240215-en)
behavioral14: 极速软件下载.url  (resource win10v2004-20240508-en)

The sections below describe behavioral7 (ssjj.exe on win7-20231129-en).
General

Target: 4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe
Size: 139KB
MD5: 905842bf2f9ca3d8e6709db39ce2ca53
SHA1: 00f2e257e3088f6c38679d236a36670ad8093e35
SHA256: 880244dc437841e51a57083af3ebbb980142ce76dd90c6e632ce30dc17a68fe2
SHA512: f677bc3110ccd6864a49043c5e47647f1a05f4cba5c3f24225b568616929dd8b93d0cb191d4aa11a0e45db7dcc11b282772863fe1062fe9bb122a7b5578e43ae
SSDEEP: 3072:hEV7QXYOoCruXshHG8eU+bu+LVQSBdS/VsuMa9InJrDmT2ZitUZfhdI:hO7QXPSshm86u+ZQ7tc5mgtZf
Malware Config

(no configuration extracted for this target)

Signatures

Suspicious use of SetWindowsHookEx (1 IoC)

pid    Process
1108   ssjj.exe

Suspicious use of WriteProcessMemory (28 IoCs; the report lists each write separately, collapsed here by target)

description                        pid    Process    procid_target   writes
PID 1108 wrote to memory of 2992   1108   ssjj.exe   28              7
PID 1108 wrote to memory of 2840   1108   ssjj.exe   29              7
PID 1108 wrote to memory of 2952   1108   ssjj.exe   30              7
PID 1108 wrote to memory of 2968   1108   ssjj.exe   31              7

Reading these: every target is one of the four regsvr32.exe children that ssjj.exe (PID 1108) itself spawned, and each child receives the same seven writes. Writes by a parent into a process it has just created are also produced by ordinary process creation, so this signature on its own does not establish injection into a foreign process. The SetWindowsHookEx hit is a single event in the parent; the report records no hook type or target for it.
Processes

Level 1:
  C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe"
  PID 1108
  signatures: Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

  Level 2 (children of PID 1108):
    C:\Windows\SysWOW64\regsvr32.exe
    command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\as97Popup.ocx"
    PID 2992

    C:\Windows\SysWOW64\regsvr32.exe
    command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\FlexCell.ocx"
    PID 2840

    C:\Windows\SysWOW64\regsvr32.exe
    command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\StoneXP.ocx"
    PID 2952

    C:\Windows\SysWOW64\regsvr32.exe
    command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\x001.ocx"
    PID 2968

What the tree shows: the sample runs from the user's temp directory and launches the 32-bit regsvr32 (SysWOW64) four times with /s to silently register four ActiveX controls (.ocx) that ship alongside it in the same need\ directory. Two points worth noting. First, the child command lines record the directory as 4399?????????? where the parent's own path shows 4399生死狙击刷金币修改器; the ten CJK characters have become ten '?', which is what an ANSI string conversion yields on the en-us image this task ran on, so regsvr32 may not have found the files at the paths it was given. Second, the regsvr32 invocations are the only observed child activity; the report records no network or file-system IoCs for this target.
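As an added example, not part of the sandbox report, the following Python triage helper runs over the process records above (re-entered here as constructed event objects; the ProcEvent and Finding field names are this example's own) and calls out what a practitioner would want flagged in a tree like this: silent regsvr32 registration of modules that live under a user-writable temp directory, a parent that itself runs from temp, and a module path in which '?' stands in for characters lost to an ANSI conversion.

```python
"""Triage helper for the process tree above (added example, not part of the
sandbox report). It flags regsvr32 children that silently register modules
living under a user-writable temp directory, and notes module paths where
'?' stands in for characters that did not survive an ANSI conversion."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ProcEvent:
    """One process record; field names are this example's own."""
    pid: int
    ppid: Optional[int]
    image: str       # full path of the executable
    cmdline: str     # command line as the sandbox recorded it


@dataclass
class Finding:
    pid: int
    module: str
    reasons: List[str] = field(default_factory=list)


# Constructed from the report's process list: the sample and its four
# regsvr32 children. The children's command lines carry '?' where the
# parent's path shows the ten CJK characters of the directory name.
_TMP = r"C:\Users\Admin\AppData\Local\Temp"
_EXE = _TMP + r"\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe"
_NEED = _TMP + r"\4399??????????\s_ju\asmls\need"


def _regsvr(name: str) -> str:
    return f'regsvr32 /s "{_NEED}\\{name}"'


EVENTS = [
    ProcEvent(1108, None, _EXE, f'"{_EXE}"'),
    ProcEvent(2992, 1108, r"C:\Windows\SysWOW64\regsvr32.exe", _regsvr("as97Popup.ocx")),
    ProcEvent(2840, 1108, r"C:\Windows\SysWOW64\regsvr32.exe", _regsvr("FlexCell.ocx")),
    ProcEvent(2952, 1108, r"C:\Windows\SysWOW64\regsvr32.exe", _regsvr("StoneXP.ocx")),
    ProcEvent(2968, 1108, r"C:\Windows\SysWOW64\regsvr32.exe", _regsvr("x001.ocx")),
]

# Per-user temp directory: anything under it is writable by the user's code.
_USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
_ARG = re.compile(r'"([^"]*)"|(\S+)')


def parse_cmdline(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping double-quoted
    arguments whole (shlex is POSIX-oriented and eats backslashes)."""
    return [quoted or bare for quoted, bare in _ARG.findall(cmdline)]


def analyze(events: List[ProcEvent]) -> List[Finding]:
    """Return one Finding per module that a regsvr32 child was asked to load."""
    by_pid = {e.pid: e for e in events}
    findings: List[Finding] = []
    for ev in events:
        if not ev.image.lower().endswith("\\regsvr32.exe"):
            continue
        args = parse_cmdline(ev.cmdline)[1:]                 # drop argv[0]
        switches = {a.lower() for a in args if a.startswith("/")}
        parent = by_pid.get(ev.ppid)
        for module in (a for a in args if not a.startswith("/")):
            f = Finding(ev.pid, module)
            if "/s" in switches:
                f.reasons.append("silent registration (/s): no dialog on success or failure")
            if _USER_TEMP.search(module):
                f.reasons.append("module lives under a user-writable temp directory")
            if parent and _USER_TEMP.search(parent.image):
                f.reasons.append(f"parent {ntpath.basename(parent.image)} also runs from temp")
            if "?" in module:
                f.reasons.append("path contains '?' in place of characters lost to an ANSI "
                                 "conversion; the file may not exist at this path")
            if f.reasons:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"PID {f.pid}: {f.module}")
        for r in f.reasons:
            print("   -", r)
```

Run stand-alone it prints four findings, one per .ocx, each carrying all four reasons. The command-line splitter is deliberately not shlex: a Windows path such as C:\Users\... would lose its backslashes under POSIX quoting rules, and the '?' check has to see the path exactly as the sandbox recorded it.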