Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-06-2024 15:28

General

  • Target

    TKMahjongDll.dll

  • Size

    376KB

  • MD5

    780cefe6264ed47928e41018bc3c1814

  • SHA1

    897141fa2995194cc8584459377cba44a97433e1

  • SHA256

    9eafb555cd905b879c6d0583c30e6c663aecd7ec7ccd45ff599cf0ded5cbff83

  • SHA512

    b9db7a796325966c9383f3f87bdf8908249ef63b1d4c40c349392ce5f4b281079b676629ac49a85a082c69eeca010c9b64ddf14bdd73d3e2f5ff1e1dce622d11

  • SSDEEP

    6144:nCchuiA6nLd8U/Fu4FFlYATK98FqBcGKWPriqJX+duYfu9:EiAunFu47tTBqBcGUqcdU9

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\TKMahjongDll.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\TKMahjongDll.dll,#1
      2⤵
      • Drops file in Program Files directory
      • Checks processor information in registry
      PID:3736

Network

MITRE ATT&CK Enterprise v15
