Overview
overview
10Static
static
1BaiduNetdi...il.dll
windows7-x64
1BaiduNetdi...il.dll
windows10-2004-x64
1BaiduNetdi...sk.exe
windows7-x64
6BaiduNetdi...sk.exe
windows10-2004-x64
7BaiduNetdi...st.exe
windows7-x64
1BaiduNetdi...st.exe
windows10-2004-x64
1BaiduNetdi...er.exe
windows7-x64
1BaiduNetdi...er.exe
windows10-2004-x64
1BaiduNetdi...nt.dll
windows7-x64
1BaiduNetdi...nt.dll
windows10-2004-x64
1BaiduNetdi...0U.dll
windows7-x64
1BaiduNetdi...0U.dll
windows10-2004-x64
1BaiduNetdi...ns.exe
windows7-x64
3BaiduNetdi...ns.exe
windows10-2004-x64
3BaiduNetdi...Db.dll
windows7-x64
1BaiduNetdi...Db.dll
windows10-2004-x64
1BaiduNetdi...ce.exe
windows7-x64
1BaiduNetdi...ce.exe
windows10-2004-x64
1BaiduNetdi...ls.dll
windows7-x64
1BaiduNetdi...ls.dll
windows10-2004-x64
1BaiduNetdi...ic.dll
windows7-x64
1BaiduNetdi...ic.dll
windows10-2004-x64
1BaiduNetdi...in.dll
windows7-x64
1BaiduNetdi...in.dll
windows10-2004-x64
1BaiduNetdi...64.dll
windows7-x64
7BaiduNetdi...64.dll
windows10-2004-x64
7BaiduNetdi...xt.dll
windows7-x64
1BaiduNetdi...xt.dll
windows10-2004-x64
1BaiduNetdi...64.dll
windows7-x64
10BaiduNetdi...64.dll
windows10-2004-x64
10BaiduNetdi...ub.dll
windows7-x64
1BaiduNetdi...ub.dll
windows10-2004-x64
1Analysis
-
max time kernel
36s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
07/02/2023, 07:18
Static task
static1
Behavioral task
behavioral1
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/AppUtil.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/AppUtil.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/BaiduNetdisk.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/BaiduNetdisk.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/BaiduNetdiskHost.exe
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/BaiduNetdiskHost.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/BaiduNetdiskRender.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/BaiduNetdiskRender.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/Basement.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral10
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/Basement.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/Bull140U.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/Bull140U.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/ServiceAssistans.exe
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral14
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/ServiceAssistans.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunDb.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunDb.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunDetectService.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunDetectService.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunDls.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunDls.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunLogic.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral22
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunLogic.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunOfficeAddin.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunOfficeAddin.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunOfficeAddin64.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunOfficeAddin64.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunShellExt.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunShellExt.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunShellExt64.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral30
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunShellExt64.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunSub.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral32
Sample
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/YunSub.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
BaiduNetdisk_v7.2.8.9_Portable_01/App/ProgramFiles/Bull140U.dll
-
Size
2.7MB
-
MD5
b997c3bea8deca0dfa97af9cfb655f02
-
SHA1
507ba258180c7c0b22f6321b01ebd55fb688cf37
-
SHA256
db132841a4fa2ba4bac800b986345bbde5c35cf099aa862269b245bc97b8cea6
-
SHA512
2c4d2206dcb11927cc9ab6f3ea0c5799861a12dc08bde07389562437f7ac8b4c69a96ad98a23abc1a65f4ed55250d72605be365403bf32ad38a02013ab6a9f3a
-
SSDEEP
49152:085ifjTp5Qrh5zcXRuc8Bp6LOPT7Nr5TCU1odhDsQrpb/ra7rd2C:03jTo5zcBuc1i7NrUU18ho
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 864 wrote to memory of 1680 864 regsvr32.exe 28 PID 864 wrote to memory of 1680 864 regsvr32.exe 28 PID 864 wrote to memory of 1680 864 regsvr32.exe 28 PID 864 wrote to memory of 1680 864 regsvr32.exe 28 PID 864 wrote to memory of 1680 864 regsvr32.exe 28 PID 864 wrote to memory of 1680 864 regsvr32.exe 28 PID 864 wrote to memory of 1680 864 regsvr32.exe 28
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\BaiduNetdisk_v7.2.8.9_Portable_01\App\ProgramFiles\Bull140U.dll1⤵
- Suspicious use of WriteProcessMemory
PID:864 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\BaiduNetdisk_v7.2.8.9_Portable_01\App\ProgramFiles\Bull140U.dll2⤵PID:1680
-