Overview (overview): 7
Static (static): 7
?????10?/2_p.exe (windows7-x64): 1
?????10?/2_p.exe (windows10-2004-x64): 1
?????10?/?????.exe (windows7-x64): 7
?????10?/?????.exe (windows10-2004-x64): 7
?????10?/bbxcomm.dll (windows7-x64): 7
?????10?/bbxcomm.dll (windows10-2004-x64): 1
?????10?/bbxinput.dll (windows7-x64): 3
?????10?/bbxinput.dll (windows10-2004-x64): 7
?????10?/jianpan.exe (windows7-x64): 7
?????10?/jianpan.exe (windows10-2004-x64): 1
?????10?/soundbox.dll (windows7-x64): 1
?????10?/soundbox.dll (windows10-2004-x64): 1
?????10?/tool.dll (windows7-x64): 1
?????10?/tool.dll (windows10-2004-x64): 1
Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 01-07-2024 04:39
Behavioral task: behavioral1; Sample: ?????10?/2_p.exe; Resource: win7-20240508-en
Behavioral task: behavioral2; Sample: ?????10?/2_p.exe; Resource: win10v2004-20240508-en
Behavioral task: behavioral3; Sample: ?????10?/?????.exe; Resource: win7-20240508-en
Behavioral task: behavioral4; Sample: ?????10?/?????.exe; Resource: win10v2004-20240226-en
Behavioral task: behavioral5; Sample: ?????10?/bbxcomm.dll; Resource: win7-20240508-en
Behavioral task: behavioral6; Sample: ?????10?/bbxcomm.dll; Resource: win10v2004-20240611-en
Behavioral task: behavioral7; Sample: ?????10?/bbxinput.dll; Resource: win7-20231129-en
Behavioral task: behavioral8; Sample: ?????10?/bbxinput.dll; Resource: win10v2004-20240611-en
Behavioral task: behavioral9; Sample: ?????10?/jianpan.exe; Resource: win7-20240419-en
Behavioral task: behavioral10; Sample: ?????10?/jianpan.exe; Resource: win10v2004-20240611-en
Behavioral task: behavioral11; Sample: ?????10?/soundbox.dll; Resource: win7-20240508-en
Behavioral task: behavioral12; Sample: ?????10?/soundbox.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral13; Sample: ?????10?/tool.dll; Resource: win7-20240508-en
Behavioral task: behavioral14; Sample: ?????10?/tool.dll; Resource: win10v2004-20240508-en
General
Target: ?????10?/bbxcomm.dll
Size: 339KB
MD5: 0c0731b749a20a9f687b54976e1f1277
SHA1: 93a2253f1e87a78c7ef8d4b841d31450f4c7d49e
SHA256: 6d7ba5076c454b527b0dad54b43b4e08af27baf902d47421a6a8d0ce92c6c058
SHA512: cff7c7dd67da851f8637de66b0864b019e417c5dd5423ac9a20455d92ccf2e717a5dc5ac2820848a6a5706ef0609100dd3081557b84ec2e9580f8d25e48a1105
SSDEEP: 3072:2k/XVm652zDx0l1pKxXdaY4vzouz+ocGKu0H6JymjIpZhNSM44G4444444444D4S:2k/XVpi0lDKkou8GK16JymjIp8pTpQLw
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe
PID 1692 wrote to memory of 1664 | 1692 | rundll32.exe | rundll32.exe