Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
26-09-2024 05:00
Behavioral task
behavioral1
Sample
100%游戏存档/双击我改签v0.5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
100%游戏存档/双击我改签v0.5.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
修改器/Nioh 2 The Complete Edition v1.25-v1.28 Plus 35 Trainer.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
修改器/Nioh 2 The Complete Edition v1.25-v1.28 Plus 35 Trainer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
修改器/目录.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
修改器/目录.exe
Resource
win10v2004-20240802-en
General
-
Target
100%游戏存档/双击我改签v0.5.exe
-
Size
37KB
-
MD5
d7c6e7d592db6f4766f360098c1a3edd
-
SHA1
48457312af8c5398cb36272044e0707edd82776c
-
SHA256
237405750ab7d78c1db9f51d4eae7a4a46147bf064a9be61de41fe8aa91ca581
-
SHA512
1e9b2bb79ad73297becdbed2cb35fe5f08932bb144c54e7469bde50a891e0f973b8d173d8a44c38f56cdd043d31b982eb4a901e01b9d845906ba9f2aa170b122
-
SSDEEP
768:GnN9dODsbW1WechF6g7K2hnxQhjLzPaKmhznlEIJ3TUuV:G7omW1shg9aQKnLU8
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1444 wrote to memory of 2140 1444 双击我改签v0.5.exe 31 PID 1444 wrote to memory of 2140 1444 双击我改签v0.5.exe 31 PID 1444 wrote to memory of 2140 1444 双击我改签v0.5.exe 31