Overview
Static (score 10)

Score  Sample                  Platform
3      maizu hack v1.4.rar     windows10-1703-x64
3      maizu hack...me.txt     windows10-1703-x64
1      maizu hack...er.dll     windows10-1703-x64
1      maizu hack...fg.dll     windows10-1703-x64
1      maizu hack...im.dll     windows10-1703-x64
1      maizu hack...er.dll     windows10-1703-x64
1      maizu hack...ng.dll     windows10-1703-x64
1      maizu hack...2p.dll     windows10-1703-x64
1      maizu hack...nd.dat     windows10-1703-x64
3      maizu hack...in.dfb     windows10-1703-x64
10     maizu hack....4.exe     windows10-1703-x64
10     maizu hack...br.dfb     windows10-1703-x64
3      maizu hack...er.dll     windows10-1703-x64
1      maizu hack...on.dll     windows10-1703-x64
Analysis

max time kernel:   196s
max time network:  262s
platform:          windows10-1703_x64
resource:          win10-20240404-en
resource tags:     arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted:         01-07-2024 13:20
Tasks

Task          Sample                                Resource
static1       maizu hack v1.4.rar                   -
behavioral1   maizu hack v1.4.rar                   win10-20240404-en
behavioral2   maizu hack v1.4/Read me.txt           win10-20240404-en
behavioral3   maizu hack v1.4/app/apper.dll         win10-20240404-en
behavioral4   maizu hack v1.4/cfg.dll               win10-20240404-en
behavioral5   maizu hack v1.4/data/aim.dll          win10-20240404-en
behavioral6   maizu hack v1.4/data/fover.dll        win10-20240404-en
behavioral7   maizu hack v1.4/data/setting.dll      win10-20240404-en
behavioral8   maizu hack v1.4/data/vkfow2p.dll      win10-20240611-en
behavioral9   maizu hack v1.4/dimaind.dat           win10-20240404-en
behavioral10  maizu hack v1.4/main.dfb              win10-20240404-en
behavioral11  maizu hack v1.4/maizu hack v1.4.exe   win10-20240404-en
behavioral12  maizu hack v1.4/sociebr.dfb           win10-20240404-en
behavioral13  maizu hack v1.4/updater.dll           win10-20240404-en
behavioral14  maizu hack v1.4/version.dll           win10-20240404-en
General

Target:  maizu hack v1.4/maizu hack v1.4.exe
Size:    507KB
MD5:     5241cbe1ca5ad91d9701dcd3e86d0be4
SHA1:    42e2343018e6f26747f21310e1498a0b7558cee7
SHA256:  18b8ddccfd60b09d5e7148f3a5ce61c61d37da4de9e4206ad28155ad92d70a5d
SHA512:  208b7e3efce893a7a766d03f5185f065e0067b100ec5917fe9a3030906ce0740669d95ad2a128cdecf7cd70051cd04e1befa1fec5ce855a6a016016ae25950e1
SSDEEP:  12288:1+0NNkaifVNXUYLnft4Com2511gYTqKoGlGnzc:17yaCTXU+t4CoP5FTxoG
Malware Config

Extracted configuration (family: lumma), C2 URLs:
https://piedsiggnycliquieaw.shop/api
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Signatures

Suspicious use of SetThreadContext (1 IoC)
description                         pid   process              target process
PID 4684 set thread context of 96   4684  maizu hack v1.4.exe  RegAsm.exe

Program crash (1 IoC)
pid   pid_target  process       target process
4172  4684        WerFault.exe  maizu hack v1.4.exe

Suspicious use of WriteProcessMemory (12 IoCs)
description                        pid   process              target process  count
PID 4684 wrote to memory of 4508   4684  maizu hack v1.4.exe  RegAsm.exe      3
PID 4684 wrote to memory of 96     4684  maizu hack v1.4.exe  RegAsm.exe      9
Processes

1  C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\maizu hack v1.4.exe (PID 4684)
   command line: "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\maizu hack v1.4.exe"
   signatures: Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
   2  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
   2  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
   2  C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 340
      signatures: Program crash
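The Signatures and Processes sections above record the unsigned loader in %TEMP% writing into two RegAsm.exe children (PIDs 4508 and 96), then calling SetThreadContext on PID 96, the standard process-hollowing sequence, before the loader itself crashes (WerFault -p 4684). The Python below is an added example, not part of the sandbox report or of the sample: it rebuilds those events as a constructed list, correlates them into a per-(source, target) verdict that separates the full hollowing pattern from bare remote writes, and reduces the Lumma C2 URLs from the Malware Config section to a hostname blocklist. The event tuple layout and the list of .NET hollowing hosts are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed from the Signatures section of this report, as
# (api, pid, process, target_pid, target_process) tuples. Counts match the
# report: 3 writes into PID 4508, 9 writes into PID 96, one SetThreadContext
# on PID 96. In a real pipeline these come from Sysmon/ETW or the sandbox's
# JSON export rather than a hand-built list.
EVENTS = (
    [("WriteProcessMemory", 4684, "maizu hack v1.4.exe", 4508, "RegAsm.exe")] * 3
    + [("WriteProcessMemory", 4684, "maizu hack v1.4.exe", 96, "RegAsm.exe")] * 9
    + [("SetThreadContext", 4684, "maizu hack v1.4.exe", 96, "RegAsm.exe")]
)

# Lumma C2 URLs taken from the Malware Config section of this report.
LUMMA_C2 = [
    "https://piedsiggnycliquieaw.shop/api",
    "https://potterryisiw.shop/api",
    "https://foodypannyjsud.shop/api",
    "https://contintnetksows.shop/api",
    "https://reinforcedirectorywd.shop/api",
]

# Assumed list of signed .NET Framework utilities commonly used as hollowing
# hosts; RegAsm.exe is the one this report shows.
DOTNET_HOLLOW_HOSTS = {"regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe"}


def correlate(events):
    """Bucket cross-process API events by (source pid, target pid)."""
    stats = defaultdict(lambda: {"writes": 0, "thread_context": 0, "process": "", "target": ""})
    for api, pid, proc, tpid, tproc in events:
        if pid == tpid:
            continue  # a process touching its own memory is not injection
        entry = stats[(pid, tpid)]
        entry["process"], entry["target"] = proc, tproc
        if api == "WriteProcessMemory":
            entry["writes"] += 1
        elif api == "SetThreadContext":
            entry["thread_context"] += 1
    return stats


def hollowing_candidates(events):
    """Grade each (source, target) pair by the strength of the evidence.

    WriteProcessMemory followed by SetThreadContext on the same remote process is
    the hollowing sequence (overwrite the image, then point the suspended main
    thread at the new entry point). Remote writes with no thread-context change
    (PID 4508 in this report) are weaker and are reported separately.
    """
    hits = []
    for (pid, tpid), s in correlate(events).items():
        if s["writes"] and s["thread_context"]:
            verdict = "process hollowing"
        elif s["writes"]:
            verdict = "remote write only"
        else:
            continue
        hits.append({
            "pid": pid,
            "process": s["process"],
            "target_pid": tpid,
            "target": s["target"],
            "writes": s["writes"],
            "verdict": verdict,
            "lolbin_target": s["target"].lower() in DOTNET_HOLLOW_HOSTS,
        })
    return sorted(hits, key=lambda h: h["target_pid"])


def c2_hosts(urls):
    """Reduce C2 URLs to a deduplicated, sorted hostname list for DNS/proxy blocking."""
    return sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})


if __name__ == "__main__":
    for hit in hollowing_candidates(EVENTS):
        print(f"{hit['process']} ({hit['pid']}) -> {hit['target']} ({hit['target_pid']}): "
              f"{hit['writes']} write(s), {hit['verdict']}, LOLBin target={hit['lolbin_target']}")
    print("block:", ", ".join(c2_hosts(LUMMA_C2)))
```

Run against the report's events this yields one "process hollowing" hit for PID 96 and one "remote write only" hit for PID 4508, both into a signed .NET host launched by a binary in the user's Temp directory; the parent/child image mismatch is the part worth alerting on in EDR telemetry even when the API-level events are not available.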
Network
MITRE ATT&CK Matrix
Downloads

Memory dump                                                      Size
memory/96-0-0x0000000000400000-0x0000000000458000-memory.dmp     352KB
memory/96-3-0x0000000000400000-0x0000000000458000-memory.dmp     352KB
memory/96-4-0x0000000000400000-0x0000000000458000-memory.dmp     352KB
memory/4684-1-0x0000000000550000-0x0000000000551000-memory.dmp   4KB