Overview
overview | 7
Static
static | 7
?????10?/2_p.exe | windows7-x64 | 1
?????10?/2_p.exe | windows10-2004-x64 | 1
?????10?/?????.exe | windows7-x64 | 7
?????10?/?????.exe | windows10-2004-x64 | 7
?????10?/bbxcomm.dll | windows7-x64 | 1
?????10?/bbxcomm.dll | windows10-2004-x64 | 3
?????10?/bbxinput.dll | windows7-x64 | 7
?????10?/bbxinput.dll | windows10-2004-x64 | 7
?????10?/jianpan.exe | windows7-x64 | 1
?????10?/jianpan.exe | windows10-2004-x64 | 1
?????10?/soundbox.dll | windows7-x64 | 1
?????10?/soundbox.dll | windows10-2004-x64 | 1
?????10?/tool.dll | windows7-x64 | 1
?????10?/tool.dll | windows10-2004-x64 | 1
Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-07-2024 04:39
Behavioral task
behavioral1
Sample
?????10?/2_p.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
?????10?/2_p.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
?????10?/?????.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
?????10?/?????.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
?????10?/bbxcomm.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
?????10?/bbxcomm.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
?????10?/bbxinput.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
?????10?/bbxinput.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
?????10?/jianpan.exe
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
?????10?/jianpan.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
?????10?/soundbox.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
?????10?/soundbox.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
?????10?/tool.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
?????10?/tool.dll
Resource
win10v2004-20240508-en
General
Target: ?????10?/soundbox.dll
Size: 1.6MB
MD5: 11a804704668900abc9b12a9968a530a
SHA1: e0961bc9989da51814b5de9208fa9f18f082db4a
SHA256: 6d11a076bcc2b9208adf16a62c9309de000633147e3a564929806608fad5d8a4
SHA512: 420600d04c86f1e6e612cd07a6b1e85f95ebadde8c6ae543d014f3bd0834441ccca44b42b539f4b1e711bdb8133a1742ba6e19815fbca5ecb885222cee28a7d2
SSDEEP: 49152:b3lT6aG2823AlhFL1FOha4tN0bK6h2V5Qff4x4aGMTyX8M:bx6M82wlhFL1FOha4tNAxh2V5Qu43MTi
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1536 wrote to memory of 2572 | 1536 | rundll32.exe | rundll32.exe
PID 1536 wrote to memory of 2572 | 1536 | rundll32.exe | rundll32.exe
PID 1536 wrote to memory of 2572 | 1536 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/2572-0-0x00000000348B0000-0x00000000348C0000-memory.dmp
Filesize: 64KB