Overview
overview
3Static
static
3TaijiName/...HS.dll
windows7-x64
1TaijiName/...HS.dll
windows10-2004-x64
1TaijiName/COMCAT.dll
windows7-x64
1TaijiName/COMCAT.dll
windows10-2004-x64
1TaijiName/...32.dll
windows7-x64
1TaijiName/...32.dll
windows10-2004-x64
1TaijiName/MSCAL.dll
windows7-x64
1TaijiName/MSCAL.dll
windows10-2004-x64
1TaijiName/...TL.dll
windows7-x64
1TaijiName/...TL.dll
windows10-2004-x64
1TaijiName/MSINET.dll
windows7-x64
1TaijiName/MSINET.dll
windows10-2004-x64
1TaijiName/VB6CHS.dll
windows7-x64
1TaijiName/VB6CHS.dll
windows10-2004-x64
1TaijiName/...IT.dll
windows7-x64
1TaijiName/...IT.dll
windows10-2004-x64
1TaijiName/...lt.dll
windows7-x64
1TaijiName/...lt.dll
windows10-2004-x64
1TaijiName/help.chm
windows7-x64
1TaijiName/help.chm
windows10-2004-x64
1TaijiName/msado20.dll
windows7-x64
1TaijiName/msado20.dll
windows10-2004-x64
1TaijiName/...60.dll
windows7-x64
1TaijiName/...60.dll
windows10-2004-x64
1TaijiName/...32.dll
windows7-x64
1TaijiName/...32.dll
windows10-2004-x64
1TaijiName/...32.dll
windows7-x64
1TaijiName/...32.dll
windows10-2004-x64
1TaijiName/stdole2.dll
windows7-x64
1TaijiName/stdole2.dll
windows10-2004-x64
1TaijiName/...��.exe
windows7-x64
1TaijiName/...��.exe
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
19-04-2024 03:38
Static task
static1
Behavioral task
behavioral1
Sample
TaijiName/CMDLGCHS.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral2
Sample
TaijiName/CMDLGCHS.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
TaijiName/COMCAT.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
TaijiName/COMCAT.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
TaijiName/COMDLG32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
TaijiName/COMDLG32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
TaijiName/MSCAL.dll
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral8
Sample
TaijiName/MSCAL.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
TaijiName/MSCOMCTL.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
TaijiName/MSCOMCTL.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
TaijiName/MSINET.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral12
Sample
TaijiName/MSINET.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
TaijiName/VB6CHS.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
TaijiName/VB6CHS.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
TaijiName/VB6STKIT.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
TaijiName/VB6STKIT.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
TaijiName/asycfilt.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
TaijiName/asycfilt.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
TaijiName/help.chm
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
TaijiName/help.chm
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
TaijiName/msado20.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
TaijiName/msado20.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
TaijiName/msvbvm60.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
TaijiName/msvbvm60.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
TaijiName/oleaut32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
TaijiName/oleaut32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
TaijiName/olepro32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
TaijiName/olepro32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
TaijiName/stdole2.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
TaijiName/stdole2.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
TaijiName/太极取名软件.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
TaijiName/太极取名软件.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
TaijiName/太极取名软件.exe
-
Size
536KB
-
MD5
0ada7b0964d95e39f07103a8454b6800
-
SHA1
d4a2cf47ded96adadbf33004b21072f2b0a09b33
-
SHA256
abd215b95034ae2cb5a25715ebf14a9ea84a72426765078058316c1da6e60082
-
SHA512
09eded8d08d6a5d14b51104f5f0b9d133d39265d6653190b5cf70fbfed7f4e8912ac7b7d5e1de83101cdbcccdf159b9284e63de336fd4fa2501d3e33fa3e5f06
-
SSDEEP
6144:NuGdxc95OYsdYYfSfRrRezNhfnZsRtNsHMKbqQy7BSEI2YcZjojRb3VP8sDlnEyw:Nu7eY/fRNexfjJl8QlTjM
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\TypeLib 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Programmable 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\0 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\TaijiName\\MSINET.OCX" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl\CurVer 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Version 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Print Property Page Object" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\ = "Microsoft ImageList Control 6.0 (SP6)" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObject" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\TaijiName\\MSCOMCTL.OCX, 16" 太极取名软件.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628} 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus\1 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ = "Microsoft Slider Control 6.0 (SP6)" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ = "IPanels" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CLSID\ = "{C74190B6-8589-11D1-B16A-00C0F0283628}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\ = "Slider Appearance Property Page Object" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ = "IButtonMenus" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CurVer\ = "MSComctlLib.SBarCtrl.2" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ = "IListSubItems" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}\ = "ISliderEvents" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB} 太极取名软件.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB} 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\CLSID 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628} 太极取名软件.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} 太极取名软件.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" 太极取名软件.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3864 太极取名软件.exe