c91a305fb7500a8339d056be31bd9fe8c4b05eacc8521f2bc9a60df50cfa46df | Triage

Analysis

max time kernel
138s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 15:10

Sharing

Report Analysis Logs

General

Target

小强捕鱼大亨辅助V2.5.exe
Size

2.4MB
MD5

ffb7f97f7e9e622c9c3230ef9dc73ba8
SHA1

8f63a601fd0bf4df365e7eaba1198cdc0cbfe0d9
SHA256

7cef9666858acb39136bd8d479f73664304ff3cb83de6d79fd9058ed173743b0
SHA512

ebdf9a895a7a85c9d378b549b10c6a8152192e7e04d13651fcf200f827f6ce9c8946af045e4085776fbba1b454eb0d3067454c484d71fcdd4a3bc55073c0c2b3
SSDEEP

49152:9s58LfjKruyJHYg4tV7eUFnpD5mQcY/3kK:SOLbynJ41VaUFpt7JkK

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2456	小强捕鱼大亨辅助V2.5.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SkinH_EL.dll	小强捕鱼大亨辅助V2.5.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1244	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2456	小强捕鱼大亨辅助V2.5.exe
2456	小强捕鱼大亨辅助V2.5.exe

C:\Users\Admin\AppData\Local\Temp\小强捕鱼大亨辅助V2.5.exe
"C:\Users\Admin\AppData\Local\Temp\小强捕鱼大亨辅助V2.5.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\SkinH_EL.dll

Filesize
688KB

MD5
bd42ef63fc0f79fdaaeca95d62a96bbb

SHA1
97ca8ccb0e6f7ffeb05dc441b2427feb0b634033

SHA256
573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48

SHA512
431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

Download Submit