Overview

overview

4

Static

static

1

BaiduNetdi....5.exe

windows7-x64

4

BaiduNetdi....5.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    98s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2023, 03:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BaiduNetdisk_ydsd3_7.27.1.5.exe

  • Size

    273.0MB

  • MD5

    e35cce5141d1705998163d316f2661fe

  • SHA1

    5e481afdd99d913b132a6f19bac916598bbc4bb8

  • SHA256

    c4b23d0e846e2f924b7b5c3a189cd834206a6feda508b28bb26d42441465bd5f

  • SHA512

    491fa1cd3c68e8bd3bcd418bf8e666c5088c80bdbc37d909a891e9ccfea28f0d6749202210f26c4f8e605685b8b4a59d095a1acea85ea2f6e57d951599808484

  • SSDEEP

    6291456:zvIW1+UDgMxoTgf6QE2KWOcaK9TF7wG/YonednFraf7KL:zQW1+Z8tXEykK77wGtn83L

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BaiduNetdisk_ydsd3_7.27.1.5.exe
    "C:\Users\Admin\AppData\Local\Temp\BaiduNetdisk_ydsd3_7.27.1.5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4864

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsgBDE8.tmp\NsisInstallUI.dll
    Filesize

    3.6MB

    MD5

    1a5c7c2fca894da9cb2b3aafeca87089

    SHA1

    78168cae72900740c40eef35722ea7a65e58a32d

    SHA256

    df3359887c2b815b01b2a29e2eadadc306b789cccd6bd5affe7047ce7db16910

    SHA512

    0cdd642da3b11c7ddcc3311044af20be1a755f74ed322477ffdc76d2d6957d285b6a2654f6cf85f22851b4dc59b6e87d678b5e0190c8d1832d6f0060315e925e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsgBDE8.tmp\System.dll
    Filesize

    29KB

    MD5

    1c16cc0484d1e421fbc91ffd55d43bb7

    SHA1

    46d2e08a81ccc50b19ee63617222b8b7a1b3f17d

    SHA256

    87fcd86c08193dc5f19eebad6ee18dbba7a450f42749ae4338b0c3d0d04a6018

    SHA512

    21d7b570f16afe70ab93413260ae3534b3be45e2d43e6c62bd8368414f20e34404c30419863ec592c91ec1f8f9529c6dfe8788ff21867e5538956ec406bbe243

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsgBDE8.tmp\nsProcessW.dll
    Filesize

    21KB

    MD5

    df8dc84e656268da5a75e27a09aa5256

    SHA1

    ce52a4a22a04c82f3dd3742685cfbcd954705635

    SHA256

    87cc082dbe9c972e297eb64bbb44de8a33f372f35a596415b5835ee97e994fbe

    SHA512

    fe5ba36451dbb2327253fbb8cba03266946502c30d82f743d212412821639d306f4725e4e84c264f0b55e9d6ce29d2031c833976b7adb69a174d6735ed0d1c84

    Download Submit

  • memory/4864-150-0x00000000051A0000-0x00000000051B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4864-397-0x00000000051A0000-0x00000000051B0000-memory.dmp

    Filesize

    64KB

    Download