Overview

overview

5

Static

static

3

Clanwar1.0...mp.dll

windows7-x64

1

Clanwar1.0...mp.dll

windows10-2004-x64

3

Clanwar1.0/CWBase.dll

windows7-x64

1

Clanwar1.0/CWBase.dll

windows10-2004-x64

1

Clanwar1.0...ib.dll

windows7-x64

3

Clanwar1.0...ib.dll

windows10-2004-x64

3

Clanwar1.0...gr.dll

windows7-x64

1

Clanwar1.0...gr.dll

windows10-2004-x64

1

Clanwar1.0...le.dll

windows7-x64

1

Clanwar1.0...le.dll

windows10-2004-x64

5

Clanwar1.0...rt.exe

windows7-x64

1

Clanwar1.0...rt.exe

windows10-2004-x64

1

Clanwar1.0...le.dll

windows7-x64

5

Clanwar1.0...le.dll

windows10-2004-x64

5

Clanwar1.0/FNWar3.dll

windows7-x64

1

Clanwar1.0/FNWar3.dll

windows10-2004-x64

3

Clanwar1.0/GGWAR3.dll

windows7-x64

1

Clanwar1.0/GGWAR3.dll

windows10-2004-x64

3

Clanwar1.0/GHDx8.dll

windows7-x64

1

Clanwar1.0/GHDx8.dll

windows10-2004-x64

3

Clanwar1.0...ta.dll

windows7-x64

1

Clanwar1.0...ta.dll

windows10-2004-x64

1

Clanwar1.0...oc.dll

windows7-x64

1

Clanwar1.0...oc.dll

windows10-2004-x64

1

Clanwar1.0...ll.dll

windows7-x64

1

Clanwar1.0...ll.dll

windows10-2004-x64

1

Clanwar1.0...ar.exe

windows7-x64

1

Clanwar1.0...ar.exe

windows10-2004-x64

1

Clanwar1.0...gr.dll

windows7-x64

1

Clanwar1.0...gr.dll

windows10-2004-x64

1

Clanwar1.0...pt.dll

windows7-x64

3

Clanwar1.0...pt.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Clanwar1.0/EzIMClientModule.dll

  • Size

    424KB

  • MD5

    bc292a40ceaed5b8b8a61fa472b69b2a

  • SHA1

    1e6d81a43c030ce5d4cc5267ce1adaf298fedb1d

  • SHA256

    7b518889eb63355ddc5d334c45e081866e4ef41c9f8a7a911e345a5535906ca1

  • SHA512

    596640a33c0ed5b0cb191597927126dd25d1f3c551a26e6204f3a8bdd9ce10e9757d55449b32668971f51a8b8b2aa36439c8645d09abe80e1d1839fe0d7a8c86

  • SSDEEP

    6144:ttFyfQZMatkZOCvH92CVd6IB06a0Tx0vv/DNp/xPXSPKeQpUhV6YAOe0etmxj:RyfQZM+GOo9LTta0Ty/DRPX9eVgYD

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Clanwar1.0\EzIMClientModule.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Clanwar1.0\EzIMClientModule.dll,#1
      2⤵
      • Drops file in System32 directory
      PID:312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/312-2-0x0000000002E40000-0x0000000002E9C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/312-5-0x0000000002EA0000-0x0000000002EFB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/312-7-0x0000000002F00000-0x0000000002F1C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/312-1-0x0000000002DE0000-0x0000000002E3E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/312-0-0x0000000002DB0000-0x0000000002DD6000-memory.dmp

    Filesize

    152KB

    Download