Overview

overview

3

Static

static

3

155绿色�...��.url

windows7-x64

1

155绿色�...��.url

windows10-2004-x64

1

ICSharpCod...ib.dll

windows7-x64

1

ICSharpCod...ib.dll

windows10-2004-x64

1

Interop.Qu...ib.dll

windows7-x64

1

Interop.Qu...ib.dll

windows10-2004-x64

1

Jayrock.Json.dll

windows7-x64

1

Jayrock.Json.dll

windows10-2004-x64

1

Jayrock.dll

windows7-x64

1

Jayrock.dll

windows10-2004-x64

1

Jint.dll

windows7-x64

1

Jint.dll

windows10-2004-x64

1

Microsoft.mshtml.dll

windows7-x64

1

Microsoft.mshtml.dll

windows10-2004-x64

1

UpdateOnline.exe

windows7-x64

1

UpdateOnline.exe

windows10-2004-x64

1

log4net.dll

windows7-x64

1

log4net.dll

windows10-2004-x64

1

mymsg.htm

windows7-x64

3

mymsg.htm

windows10-2004-x64

3

skincrafte...05.dll

windows7-x64

3

skincrafte...05.dll

windows10-2004-x64

3

对时软件.exe

windows7-x64

3

对时软件.exe

windows10-2004-x64

3

算法小�...��.exe

windows7-x64

1

算法小�...��.exe

windows10-2004-x64

3

蹭饭小黑.exe

windows7-x64

1

蹭饭小黑.exe

windows10-2004-x64

1

运行不�...��.exe

windows7-x64

3

运行不�...��.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    skincrafter.net-vs2005.dll

  • Size

    928KB

  • MD5

    706bf7da38fc9e7054bfc6f215575da6

  • SHA1

    47d040757e2335587f1309b0fdeb73eb9330d70e

  • SHA256

    ed9169ec4be0db8203b81a67b0d7433291396a96f53ca0d8839aeb84f1d51872

  • SHA512

    41e3951cf4ef4376ab7f24a101743b87a51a3f3e9678ed89bb917e63113e8a1cfd8dcea76fe504a6f7698eab9ab06e9cab045a17d07aeabd1b9f4920dce397e2

  • SSDEEP

    24576:lKjaZau5QT3TZwLy0xRXfe6+EYP2Lbxie:lKO0BTjG

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\skincrafter.net-vs2005.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\skincrafter.net-vs2005.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads