Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-05-2024 15:15
Behavioral tasks
behavioral1: Sample 4399生死狙击刷金币修改器/4399生死狙击刷金币修改器.exe; Resource win7-20231129-en
behavioral2: Sample 4399生死狙击刷金币修改器/4399生死狙击刷金币修改器.exe; Resource win10v2004-20240426-en
behavioral3: Sample 4399生死狙击刷金币修改器/s_ju/asmls/Dir.dll; Resource win7-20240221-en
behavioral4: Sample 4399生死狙击刷金币修改器/s_ju/asmls/Dir.dll; Resource win10v2004-20240226-en
behavioral5: Sample 4399生死狙击刷金币修改器/s_ju/asmls/Dnz_30.dll; Resource win7-20240221-en
behavioral6: Sample 4399生死狙击刷金币修改器/s_ju/asmls/Dnz_30.dll; Resource win10v2004-20240426-en
behavioral7: Sample 4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe; Resource win7-20231129-en
behavioral8: Sample 4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe; Resource win10v2004-20240508-en
behavioral9: Sample 4399生死狙击刷金币修改器/s_ju/down_01/Basement.dll; Resource win7-20240215-en
behavioral10: Sample 4399生死狙击刷金币修改器/s_ju/down_01/Basement.dll; Resource win10v2004-20240426-en
behavioral11: Sample 使用说明.url; Resource win7-20240221-en
behavioral12: Sample 使用说明.url; Resource win10v2004-20240508-en
behavioral13: Sample 极速软件下载.url; Resource win7-20240215-en
behavioral14: Sample 极速软件下载.url; Resource win10v2004-20240508-en
General
Target: 4399生死狙击刷金币修改器/s_ju/asmls/need/ssjj.exe
Size: 139KB
MD5: 905842bf2f9ca3d8e6709db39ce2ca53
SHA1: 00f2e257e3088f6c38679d236a36670ad8093e35
SHA256: 880244dc437841e51a57083af3ebbb980142ce76dd90c6e632ce30dc17a68fe2
SHA512: f677bc3110ccd6864a49043c5e47647f1a05f4cba5c3f24225b568616929dd8b93d0cb191d4aa11a0e45db7dcc11b282772863fe1062fe9bb122a7b5578e43ae
SSDEEP: 3072:hEV7QXYOoCruXshHG8eU+bu+LVQSBdS/VsuMa9InJrDmT2ZitUZfhdI:hO7QXPSshm86u+ZQ7tc5mgtZf
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (1 IoC)
  pid 1348, process ssjj.exe
Suspicious use of WriteProcessMemory (12 IoCs)
  PID 1348 wrote to memory of 4000: pid 1348, process ssjj.exe, procid_target 83
  PID 1348 wrote to memory of 4000: pid 1348, process ssjj.exe, procid_target 83
  PID 1348 wrote to memory of 4000: pid 1348, process ssjj.exe, procid_target 83
  PID 1348 wrote to memory of 1600: pid 1348, process ssjj.exe, procid_target 84
  PID 1348 wrote to memory of 1600: pid 1348, process ssjj.exe, procid_target 84
  PID 1348 wrote to memory of 1600: pid 1348, process ssjj.exe, procid_target 84
  PID 1348 wrote to memory of 1972: pid 1348, process ssjj.exe, procid_target 85
  PID 1348 wrote to memory of 1972: pid 1348, process ssjj.exe, procid_target 85
  PID 1348 wrote to memory of 1972: pid 1348, process ssjj.exe, procid_target 85
  PID 1348 wrote to memory of 3712: pid 1348, process ssjj.exe, procid_target 86
  PID 1348 wrote to memory of 3712: pid 1348, process ssjj.exe, procid_target 86
  PID 1348 wrote to memory of 3712: pid 1348, process ssjj.exe, procid_target 86
Processes
1. C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4399生死狙击刷金币修改器\s_ju\asmls\need\ssjj.exe"
   PID: 1348
   Signatures: Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\as97Popup.ocx"
      PID: 4000
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\FlexCell.ocx"
      PID: 1600
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\StoneXP.ocx"
      PID: 1972
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\4399??????????\s_ju\asmls\need\x001.ocx"
      PID: 3712