Overview
overview
10Static
static
3RADCUI/RADCUI.dll
windows10-2004-x64
10RADCUI/pidgenx.dll
windows10-2004-x64
1RADCUI/termsrv.dll
windows10-2004-x64
1cdosys/cdosys.dll
windows10-2004-x64
1iasnap/iasnap.dll
windows10-2004-x64
1iasnap/mfds.dll
windows10-2004-x64
7iasnap/mprddm.dll
windows10-2004-x64
1setup.msi
windows7-x64
6setup.msi
windows10-2004-x64
10winmde/MMDevAPI.dll
windows10-2004-x64
1winmde/Win...cs.dll
windows10-2004-x64
1winmde/daxexec.dll
windows10-2004-x64
1winmde/mi.dll
windows10-2004-x64
1winmde/winmde.dll
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
27-04-2024 22:49
Static task
static1
Behavioral task
behavioral1
Sample
RADCUI/RADCUI.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
RADCUI/pidgenx.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
RADCUI/termsrv.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
cdosys/cdosys.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
iasnap/iasnap.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
iasnap/mfds.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
iasnap/mprddm.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
setup.msi
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral9
Sample
setup.msi
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
winmde/MMDevAPI.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
winmde/Windows.Graphics.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
winmde/daxexec.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
winmde/mi.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
winmde/winmde.dll
Resource
win10v2004-20240419-en
windows10-2004-x64
General
-
Target
cdosys/cdosys.dll
-
Size
1.0MB
-
MD5
4b32087670a6ec10c30f19b44b55fd81
-
SHA1
dfd4160d7667fd653d4c120bd9f03ee6306d4636
-
SHA256
5bbdd7dfd38a030620f8ff5ea02ae4f045d733d9af39655e168e18f48bc5faff
-
SHA512
cc154bfda1c11d592afe15e5968e36e34d1dacb585ed3ebf0c06f4aee83d853bbe6b72c01000d8fef7a882b4cb682916efe4537b6a05b99bad411fbfa942d889
-
SSDEEP
24576:Qbxqt/VuE+lA1rFsh4ZH83hNYdJX8Uc78zPAYVkJ:axqt/VuS1WC8xad5tykAL
Malware Config
Signatures
-
Modifies registry class 33 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_SMTPOnArrivalSink\CurVer\ = "CDO.SS_SMTPOnArrivalSink.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostSink\ = "NNTP OnPost Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostEarlySink\ = "NNTP OnPostEarly Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPFinalConnector\ = "NNTPFinalConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.Message.1\ = "CDOMessage Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.Configuration\CurVer\ = "CDO.Configuration.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPEarlyConnector\ = "NNTPEarlyConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.DropDirectory\CurVer\ = "CDO.DropDirectory.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.Configuration\ = "CDOConfiguration Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_SMTPOnArrivalSink.1\ = "SMTP OnArrival Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SMTPConnector.1\ = "SMTPConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.DropDirectory.1\ = "CDO DropDirectory class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.Message\CurVer\ = "CDO.Message.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostEarlySink\CurVer\ = "CDO.SS_NNTPOnPostEarlySink.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostFinalSink\ = "NNTP OnPostFinal Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostFinalSink\CurVer\ = "CDO.SS_NNTPOnPostFinalSink.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.Configuration.1\ = "CDOConfiguration Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_SMTPOnArrivalSink\ = "SMTP OnArrival Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPPostConnector\ = "NNTPPostConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.Message\ = "CDOMessage Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostEarlySink.1\ = "NNTP OnPostEarly Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostSink\CurVer\ = "CDO.SS_NNTPOnPostSink.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPFinalConnector\CurVer\ = "CDO.NNTPFinalConnector.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPEarlyConnector.1\ = "NNTPEarlyConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPEarlyConnector\CurVer\ = "CDO.NNTPEarlyConnector.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.DropDirectory\ = "CDO DropDirectory class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SMTPConnector\ = "SMTPConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPPostConnector\CurVer\ = "CDO.NNTPPostConnector.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SMTPConnector\CurVer\ = "CDO.SMTPConnector.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPPostConnector.1\ = "NNTPPostConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.NNTPFinalConnector.1\ = "NNTPFinalConnector Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostSink.1\ = "NNTP OnPost Script Host Sink Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CDO.SS_NNTPOnPostFinalSink.1\ = "NNTP OnPostFinal Script Host Sink Class" regsvr32.exe