Overview
overview
10Static
static
10VDFilterPack.exe
windows7-x64
7VDFilterPack.exe
windows10-2004-x64
7Video Enha...��.bat
windows7-x64
3Video Enha...��.bat
windows10-2004-x64
3Video Enha...��.bat
windows7-x64
3Video Enha...��.bat
windows10-2004-x64
3Video Enha...om.url
windows7-x64
1Video Enha...om.url
windows10-2004-x64
1Video Enha...er.dll
windows7-x64
1Video Enha...er.dll
windows10-2004-x64
1Video Enha...SR.dll
windows7-x64
1Video Enha...SR.dll
windows10-2004-x64
1Video Enha...ax.dll
windows7-x64
1Video Enha...ax.dll
windows10-2004-x64
1Video Enha...er.dll
windows7-x64
1Video Enha...er.dll
windows10-2004-x64
1Video Enha...AN.dll
windows7-x64
3Video Enha...AN.dll
windows10-2004-x64
3Video Enha...BW.dll
windows7-x64
3Video Enha...BW.dll
windows10-2004-x64
3Video Enha...ce.dll
windows7-x64
3Video Enha...ce.dll
windows10-2004-x64
3Video Enha...35.dll
windows7-x64
3Video Enha...35.dll
windows10-2004-x64
3Video Enha...ce.dll
windows7-x64
3Video Enha...ce.dll
windows10-2004-x64
3Video Enha...ed.dll
windows7-x64
3Video Enha...ed.dll
windows10-2004-x64
3Video Enha...er.dll
windows7-x64
7Video Enha...er.dll
windows10-2004-x64
7Video Enha....8.dll
windows7-x64
7Video Enha....8.dll
windows10-2004-x64
7Analysis
-
max time kernel
92s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
21-07-2024 18:40
Behavioral task
behavioral1
Sample
VDFilterPack.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
VDFilterPack.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Video Enhancerv2013汉化绿色破解版/!)卸载.bat
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
Video Enhancerv2013汉化绿色破解版/!)卸载.bat
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Video Enhancerv2013汉化绿色破解版/!)绿化.bat
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
Video Enhancerv2013汉化绿色破解版/!)绿化.bat
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Video Enhancerv2013汉化绿色破解版/@绿化-无广告Greenhua.com.url
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
Video Enhancerv2013汉化绿色破解版/@绿化-无广告Greenhua.com.url
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Video Enhancerv2013汉化绿色破解版/Parallelizer.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
Video Enhancerv2013汉化绿色破解版/Parallelizer.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Video Enhancerv2013汉化绿色破解版/SR.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
Video Enhancerv2013汉化绿色破解版/SR.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Video Enhancerv2013汉化绿色破解版/SR.ax.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
Video Enhancerv2013汉化绿色破解版/SR.ax.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Video Enhancerv2013汉化绿色破解版/VDFilter.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
Video Enhancerv2013汉化绿色破解版/VDFilter.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/2DCLEAN.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral18
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/2DCLEAN.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/ACOBW.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/ACOBW.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/AsvzzzDeinterlace.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/AsvzzzDeinterlace.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/BrdCntrl235.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/BrdCntrl235.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/Deinterlace.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/Deinterlace.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/DeinterlaceAreaBased.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral28
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/DeinterlaceAreaBased.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/MSU_Cartoonizer.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/MSU_Cartoonizer.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/MSU_SmartDeblock_0.8.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
Video Enhancerv2013汉化绿色破解版/VDFilterPack/MSU_SmartDeblock_0.8.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
Video Enhancerv2013汉化绿色破解版/SR.ax.dll
-
Size
140KB
-
MD5
f3c3883c90312150e919d1be5a453c0c
-
SHA1
e5886433d4fe53f7ccec886a618b6762e632607a
-
SHA256
5b6af85a500e54a46585f745ab3a3c71eadfad7e174e79bd1b4e8e3d92084fa7
-
SHA512
0f2fb6e9c1f414c70cfbec3ddd09f44f22d697dca8395ff2d1f4a9c15905b02f507c3d18c9d016abf7514806373a51cf33cc0482af9d1ca23a5d690ff93fc4a4
-
SSDEEP
3072:ErhTwudmfQjOTHwptElvQFNEny8mrwsAQsg0Kmn6cEKy:HuIFTHRvQogCQsg0Kmn6hKy
Malware Config
Signatures
-
Modifies registry class 14 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\ = "Dee Mon's Super Resolution" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B9FF6E0-8D9D-4590-A7B8-D702BC52777A}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\FriendlyName = "Dee Mon's Super Resolution" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B9FF6E0-8D9D-4590-A7B8-D702BC52777A}\ = "Super Resolution Property Page" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B9FF6E0-8D9D-4590-A7B8-D702BC52777A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Video Enhancerv2013???????\\SR.ax.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\CLSID = "{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}" regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000007669647300001000800000aa00389b7100000000000000000000000000000000 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Video Enhancerv2013???????\\SR.ax.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60AC281F-8333-44CF-9856-2CE2D6C0A1EB}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B9FF6E0-8D9D-4590-A7B8-D702BC52777A} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B9FF6E0-8D9D-4590-A7B8-D702BC52777A}\InprocServer32 regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2092 wrote to memory of 2360 2092 regsvr32.exe 83 PID 2092 wrote to memory of 2360 2092 regsvr32.exe 83 PID 2092 wrote to memory of 2360 2092 regsvr32.exe 83
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Video Enhancerv2013汉化绿色破解版\SR.ax.dll"1⤵
- Suspicious use of WriteProcessMemory
PID:2092 -
C:\Windows\SysWOW64\regsvr32.exe/s "C:\Users\Admin\AppData\Local\Temp\Video Enhancerv2013汉化绿色破解版\SR.ax.dll"2⤵
- Modifies registry class
PID:2360
-