Analysis
max time kernel: 51s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 22:56
Static task: static1

Behavioral tasks
behavioral1: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/UUWiseHelper.dll (Resource: win7-20240221-en)
behavioral2: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/UUWiseHelper.dll (Resource: win10v2004-20240508-en)
behavioral3: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/eylogin.dll (Resource: win7-20240611-en)
behavioral4: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/eylogin.dll (Resource: win10v2004-20240508-en)
behavioral5: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/xz.exe (Resource: win7-20240611-en)
behavioral6: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/xz.exe (Resource: win10v2004-20240508-en)
behavioral7: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/更多软件下载.url (Resource: win7-20240611-en)
behavioral8: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/更多软件下载.url (Resource: win10v2004-20240508-en)
behavioral9: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/淘宝批量限购查询V1.0��.exe (Resource: win7-20240221-en)
behavioral10: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/淘宝批量限购查询V1.0��.exe (Resource: win10v2004-20240611-en)
behavioral11: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/飘荡软件.url (Resource: win7-20240221-en)
behavioral12: Sample 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/飘荡软件.url (Resource: win10v2004-20240508-en)
General
Target: 淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】/UUWiseHelper.dll
Size: 222KB
MD5: a146a88880ed46683ccda86fb796019c
SHA1: a74bceae4b85809fc0c8450358f6f968b8bfe3e9
SHA256: 9bdbcfad5ff028466de710a99ef56491f7616072434d1d33b905144ef7a351eb
SHA512: bf164ef5fa5e7b2db89b4f0a502157db486a0b57fdec8c258114063c1b8710666b19f483c00a52bf21fd3b1d3e02943005ff9a2fbc184e5be867415a28357f04
SSDEEP: 3072:GM5/rgV5vwvtIHxwqY/24mmQKkHQ5gHsYGFc6O+LpA/PX1rlssJsKVp6PW0:GM5/rW5IvUwWl85gHaFc6O+QJJVUW0
Malware Config
(none)

Signatures

Program crash (1 IoC)
pid   pid_target   Process        procid_target
2372  1344         WerFault.exe   81

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   Process        procid_target
PID 2760 wrote to memory of 1344     2760  rundll32.exe   81
PID 2760 wrote to memory of 1344     2760  rundll32.exe   81
PID 2760 wrote to memory of 1344     2760  rundll32.exe   81
Processes (indentation shows parent/child relationship)

C:\Windows\system32\rundll32.exe
    command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】\UUWiseHelper.dll,#1
    PID: 2760
    signature: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
        command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\淘宝批量限购查询V1.0破解版_by小众论坛【www.xzrj.cc】\UUWiseHelper.dll,#1
        PID: 1344
        C:\Windows\SysWOW64\WerFault.exe
            command: C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 684
            PID: 2372
            signature: Program crash

C:\Windows\SysWOW64\WerFault.exe
    command: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1344 -ip 1344
    PID: 4520