Overview
overview
7Static
static
79553下载站.url
windows7-x64
19553下载站.url
windows10-2004-x64
1QQ飞车�...ll.dll
windows7-x64
1QQ飞车�...ll.dll
windows10-2004-x64
1QQ飞车�...02.dll
windows7-x64
1QQ飞车�...02.dll
windows10-2004-x64
3QQ飞车�...S5.dll
windows7-x64
1QQ飞车�...S5.dll
windows10-2004-x64
3QQ飞车�...10.dll
windows7-x64
1QQ飞车�...10.dll
windows10-2004-x64
3QQ飞车�...ND.dll
windows7-x64
1QQ飞车�...ND.dll
windows10-2004-x64
3QQ飞车�...FT.dll
windows7-x64
7QQ飞车�...FT.dll
windows10-2004-x64
7QQ飞车�...LE.dll
windows7-x64
1QQ飞车�...LE.dll
windows10-2004-x64
3QQ飞车�...UG.dll
windows7-x64
1QQ飞车�...UG.dll
windows10-2004-x64
1QQ飞车�...SG.dll
windows7-x64
1QQ飞车�...SG.dll
windows10-2004-x64
3QQ飞车�...ET.dll
windows7-x64
7QQ飞车�...ET.dll
windows10-2004-x64
7QQ飞车�...LL.dll
windows7-x64
1QQ飞车�...LL.dll
windows10-2004-x64
1QQ飞车�...YS.dll
windows7-x64
1QQ飞车�...YS.dll
windows10-2004-x64
3QQ飞车�...OW.dll
windows7-x64
1QQ飞车�...OW.dll
windows10-2004-x64
3QQ飞车�...X6.dll
windows7-x64
1QQ飞车�...X6.dll
windows10-2004-x64
3QQ飞车�....6.exe
windows7-x64
1QQ飞车�....6.exe
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
21-05-2024 12:33
Behavioral task
behavioral1
Sample
9553下载站.url
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
9553下载站.url
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/cfgdll.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/cfgdll.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BGKMS4_02.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BGKMS4_02.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BGKMS5.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BGKMS5.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BGKMS6_10.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BGKMS6_10.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BKGND.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/BKGND.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/DBSOFT.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/DBSOFT.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/FILE.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/FILE.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/LXJ_PLUG.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral18
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/LXJ_PLUG.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/MSG.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral20
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/MSG.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/ONIONNET.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/ONIONNET.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/REGDLL.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral24
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/REGDLL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/SYS.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/SYS.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/WINDOW.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral28
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/WINDOW.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/WNDEX6.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/WNDEX6.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/老鬼辅助 - VIP丨官方版v3.6.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral32
Sample
QQ飞车老鬼辅助 3.6/点此打开辅助!/老鬼辅助 - VIP丨官方版v3.6.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
QQ飞车老鬼辅助 3.6/点此打开辅助!/plugin/WINDOW.dll
-
Size
44KB
-
MD5
4c462a5ff18e333b767ea44c318c05c2
-
SHA1
eb0f1bcd62382d4320532b330abf5cbdddd4a409
-
SHA256
efda60b95d43a51e54cf9f44278f36d1717e21c78686fa2157395b5635951b41
-
SHA512
11a8b2ee9e2b8431ddb81bbc3fa3bb596f9e2e11360f99b649017332c3b93eaa2efe105a2045285822e6d62663dec68b1c0d2a8a863f03fcec40cf04172d7139
-
SSDEEP
384:x3HTWhA1JTdS9XzugUBzutX4ut2mX1rNYGFyYVeYcDPDHp3BnH:x3mA1rUulBKtLt2mX1rNnyHYcDPDn
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28 PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28 PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28 PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28 PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28 PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28 PID 2296 wrote to memory of 2132 2296 regsvr32.exe 28