Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-05-2024 15:15

General

  • Target

    4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe

  • Size

    139KB

  • MD5

    905842bf2f9ca3d8e6709db39ce2ca53

  • SHA1

    00f2e257e3088f6c38679d236a36670ad8093e35

  • SHA256

    880244dc437841e51a57083af3ebbb980142ce76dd90c6e632ce30dc17a68fe2

  • SHA512

    f677bc3110ccd6864a49043c5e47647f1a05f4cba5c3f24225b568616929dd8b93d0cb191d4aa11a0e45db7dcc11b282772863fe1062fe9bb122a7b5578e43ae

  • SSDEEP

    3072:hEV7QXYOoCruXshHG8eU+bu+LVQSBdS/VsuMa9InJrDmT2ZitUZfhdI:hO7QXPSshm86u+ZQ7tc5mgtZf

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe
    "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\as97Popup.ocx"
      2⤵
      PID:2992
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\FlexCell.ocx"
      2⤵
      PID:2840
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\StoneXP.ocx"
      2⤵
      PID:2952
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\x001.ocx"
      2⤵
      PID:2968

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1108-0-0x0000000000400000-0x00000000004AB000-memory.dmp
    Filesize: 684KB
  • memory/1108-3-0x0000000000400000-0x00000000004AB000-memory.dmp
    Filesize: 684KB