Overview

overview

8

Static

static

3

spvod_player.exe

windows7-x64

8

spvod_player.exe

windows10-2004-x64

8

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/pncrt.dll

windows7-x64

3

$SYSDIR/pncrt.dll

windows10-2004-x64

3

Codecs/Rea...er.dll

windows7-x64

1

Codecs/Rea...er.dll

windows10-2004-x64

1

Codecs/WMFDemux.dll

windows7-x64

1

Codecs/WMFDemux.dll

windows10-2004-x64

1

Codecs/asyncflt.dll

windows7-x64

1

Codecs/asyncflt.dll

windows10-2004-x64

1

Codecs/atrc.dll

windows7-x64

1

Codecs/atrc.dll

windows10-2004-x64

1

Codecs/cook.dll

windows7-x64

1

Codecs/cook.dll

windows10-2004-x64

1

Codecs/drvc.dll

windows7-x64

3

Codecs/drvc.dll

windows10-2004-x64

3

Codecs/msvcr71.dll

windows7-x64

3

Codecs/msvcr71.dll

windows10-2004-x64

3

Codecs/raac.dll

windows7-x64

1

Codecs/raac.dll

windows10-2004-x64

1

GifShower.dll

windows7-x64

1

GifShower.dll

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

vjocx.dll

windows7-x64

8

vjocx.dll

windows10-2004-x64

8

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 00:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    spvod_player.exe

  • Size

    1.7MB

  • MD5

    29cde3b138c0146acb08adf6e1728bae

  • SHA1

    5b7885fc49b7dc121a89b2764da05d66a3595617

  • SHA256

    f7ebbcb19286e0845344e9e9ba09533ce3990071040244e96f2c9623c06604c2

  • SHA512

    eb6c2b9b1e67658caefe3635507a6926b60b90b2118a1ed89081ca13dc3789ad84410cd1683f420405ab89670c53d98232f9bfde0727709a3ef3e038304cefab

  • SSDEEP

    49152:OIVRXtlkEQua3XaADxjKEZ3rpU84H6ZuwJhSLrnF:OIrB/a3XaWxT7p6uFornF

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 23 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\spvod_player.exe
    "C:\Users\Admin\AppData\Local\Temp\spvod_player.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    PID:2032

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\Nagasoft\Codecs\RealMediaSplitter.ax
          Filesize

          360KB

          MD5

          3c262235c90b600be5ff457bc9c8cccb

          SHA1

          7ebd941bd26c8f7b64c3784602ef1a49c9ced8cc

          SHA256

          d10e22a9198fc6d35ccd19512b03c00614300a13f7deb2e2abf383fc61075235

          SHA512

          cff32ad228eb672c8048486992dcd0f7a30b9b1f237a054e4d5287e49298480c780295d5f41325b86e95b368a679567ab6e2dbb5d03c04f2ef69ac65b10b4eff

          Download Submit

        • \Windows\SysWOW64\Nagasoft\Codecs\WMFDemux.dll
          Filesize

          104KB

          MD5

          5e06cd629712576a32fbcd8a0c62b4dd

          SHA1

          fd5cb2ce5e8d9010715b57b0c8a939e58697afc6

          SHA256

          58eb294d7fa3907dee24647aaf0a9ccc409f8f39aa9e03269cc8ea381c012feb

          SHA512

          09fc01869f59c1583d25d5aee6dbfcd4e3443fddcd751b3eade2447c6220263f7f83aafb174a026a0cebea904b67b9a256a02fa152f29d847c3993737642282a

          Download Submit

        • \Windows\SysWOW64\Nagasoft\Codecs\asyncflt.ax
          Filesize

          52KB

          MD5

          76283f65a79b37afd28b05cd7a3bf51b

          SHA1

          2a5ef2a6cc21229d34b32c961b27018f89a1cd67

          SHA256

          f5fd0b79c0f6938e287b803ad8c86663befcdaf280391e25550ec5aad32f604a

          SHA512

          d223aa86ddbb56a1bce91e0108c7ab0476f2879d8eba704291994d4bc0487c47b2def1f51f061c8801743d874b1f14a48a701923795eaa3ce21231d34b397749

          Download Submit

        • \Windows\SysWOW64\Nagasoft\GifShower.dll
          Filesize

          132KB

          MD5

          407ca7065f10a6397db208ad28b2990e

          SHA1

          574d120ff00d8204e159ef4372e7e9675330288f

          SHA256

          0e2b461e74409bd6d7a4f6f6cac153310d3b03aafc4d394c757aa3f26345ca14

          SHA512

          d4dce120d19bf0ceca38aeba4b08329ec9adac27c1b0e796709351971b923d6a88017bfa7a74fc09833f3bd15c803352f30c6a1b6692f80fb73150881cb36671

          Download Submit

        • \Windows\SysWOW64\Nagasoft\vjocx.dll
          Filesize

          1.5MB

          MD5

          da162564646da62c40238153a1cbf268

          SHA1

          b0314c89f0060d69f82d1bd057cc0cec84694794

          SHA256

          cfd9e9cd51d43f2366191ff5fefa4446b44961b37f203b943454f228d827d00c

          SHA512

          51c5c881395f516e9f670148e9853ef2ed3583270847cc32d66b39ae4cb72020dc8546ba845da8c8c132d24e489987987f8c0dae5b858c70dbc0e7bef5612393

          Download Submit