Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-01-2024 13:59

General

  • Target

    ydetect.exe

  • Size

    77KB

  • MD5

    48a2afeb63131a434bcc00335e656a0f

  • SHA1

    c7eca0cbed929fd30a110d61ba1b419a4be85327

  • SHA256

    1330f6cd27c84e9c2011111a9ca179c1eadd755b3a17059c9e73f08d3f4b5ddf

  • SHA512

    25a6b6081f3edef1ff46452cfaca710773fae721037fe90acc053d7108a29853b68ac80a14b265a810aa0d2cabf9a2ba909bf38721e9192b37b2db40f9781185

  • SSDEEP

    1536:VEEQJ+kVzMQ9wY68jgVoW6CIFUyUWIlLNgQ4lqELkuhEqIg/9MBJR4CaxO:SjJ+0zD7zguW6CIFUvWIlhsqELkuhSU6

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL (5 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\ydetect.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ydetect.exe"
    PID: 3028
    • Checks computer location settings
    • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy498F.tmp\System.dll

    Filesize

    9KB

    MD5

    ae182dc797cd9ad2c025066692fc041b

    SHA1

    7ee5f057be9febfa77f698a1b12213a5bbdd4742

    SHA256

    b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471

    SHA512

    2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7