Overview

overview

6

Static

static

3

0ebfb3fd77...18.exe

windows7-x64

3

0ebfb3fd77...18.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

YQL_Lyrics_Common.dll

windows7-x64

1

YQL_Lyrics_Common.dll

windows10-2004-x64

1

YiqilaiLyrics.dll

windows7-x64

1

YiqilaiLyrics.dll

windows10-2004-x64

1

YiqilaiLyrics.exe

windows7-x64

1

YiqilaiLyrics.exe

windows10-2004-x64

1

foo_ui_columns.dll

windows7-x64

1

foo_ui_columns.dll

windows10-2004-x64

1

foo_ui_yqllyrics.dll

windows7-x64

1

foo_ui_yqllyrics.dll

windows10-2004-x64

1

gen_yqllyrics.dll

windows7-x64

1

gen_yqllyrics.dll

windows10-2004-x64

1

vis_yqllyrics.dll

windows7-x64

1

vis_yqllyrics.dll

windows10-2004-x64

1

Ò»ÆðÀ...ú.url

windows7-x64

6

Ò»ÆðÀ...ú.url

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ò»ÆðÀ´ÒôÀÖÖúÊÖ°ïÖú.url

  • Size

    57B

  • MD5

    e6151ebfbd640f4600a815e8289ac31f

  • SHA1

    74e7ab2bea63b37c5d4814cabc74e5d5ddedf637

  • SHA256

    d31a017641defd3f9573e86920ba77df3d41910c275e2d0ed6709dda7d8ef7ba

  • SHA512

    196dbdd03f522940133d0359c207e5f7f951c34f11a097c8cccb68606921a19a2615719c81ba31340091241a340adba18ac06e991ca229442d7166a0a16c0532

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Ò»ÆðÀ´ÒôÀÖÖúÊÖ°ïÖú.url
    1⤵
    • Checks whether UAC is enabled
    PID:2012
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b0cf60d358df70b6ab897e1cd7c1b32

    SHA1

    549ae106a6355a2d74952537764f730f744ae3fe

    SHA256

    e868423910a8cee74a3da5842f5fbcb82b15b8890bb85d0b4e19d3bbf4f78a5e

    SHA512

    916ef815b0d92ba2105ab4d6b1caef7fd2689b1a6e32ac4f34ed6a19648ee838346b75622d8983f382d1bf309876a6d7030c3c19d8a1de4c8525f077c42d38a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3066f08eb3831e73facf1eef0ab73ea1

    SHA1

    6da14393a88fdbbca331c569b45f7ad56fb49ee9

    SHA256

    b2054df9a2d6442514b48f454ed4ee0fa083f944485d47c2693a8ef0dc9d3ec9

    SHA512

    f4a7b1ea950fb77c29f2746c5bdbbc636d756f5793eae6434f3ddd1596bf3d64aef87b3d16b29724e86e03cf91341fa3ef78a8627f6341a488b5ba4ded082b3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4af9f7b541fe1dad1af62a6687b8fa72

    SHA1

    206921ed69552304dd96f0a3846d35cfab1ae648

    SHA256

    b0629bccfee1a6225986379d7fa228cf41f5cd3b8ea02aa4d25edd865bc17b6f

    SHA512

    4e3e835dbe368034e680fd7f8fc57bb18ba86aec1ed780219a902636d22091154855baaa69aa5bce738f3e798af21e73d7e143ef16ca48df1c4a02b84bf6135d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93368aac95200354c18448bac6789c07

    SHA1

    fbd41b3774cc50d308a44b1bb72d48573ff5ef28

    SHA256

    e5a05fd720a30433ede7c770a88ffe05df5cdf5e77385a6050bb10131c76da11

    SHA512

    8023f9ba9b7666c442f92fdec08d4262d755a0195e36475c5b9c4b5c6682dc9d2675628594fb75aca5cc02cfaf701f1a2cc2e0f3636f12f489a6b954359eac0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    482d8e3c1dbf55e2933ffe8ac74f5dc0

    SHA1

    d764893b7d1bb8351bbd4801f11756580c92097e

    SHA256

    43fd0eb0120cb7dd26cf53f2e208698456fc17fcc2b9b94c8bb1abe2b3ecaa2c

    SHA512

    5f1bdfc22930d8137dc9d27f5582829061831fc584fcee13907f77ae04e3d0d466ce2ce1b3bd1560e84a194a87a0e2203262be3c88ea49794c4e32115ae0a204

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c854701839f3f13b759c84cc800ecb92

    SHA1

    b1cd90fa31732189674fa109c401a7aefd38b189

    SHA256

    0aa4db64769782b2897f777d30d3b8335c265fe94d969830dd7853e46c566e5a

    SHA512

    3f753b3f0cc11fb3b1f949ab7cdd9f0707205db2454c494ac63f22ca1f9b0d013e268d5db54112fa79e0dc53228f80cd4565bfd8d5d70f7d735539a94a7e1d2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e58a3f5e0a3d45663caf5e40b443de18

    SHA1

    e8c212357cf1ff4e99f0d600fb35049e0f0188cf

    SHA256

    0325f17db01210f9fd0fa41d1afb95e99889d1e977cb848097b2bd42ce456646

    SHA512

    d042f9c2cd50b3c27e0aa3819a2737e9af77eb0fa55061c7d8eff41fbe034bb53be4d1f76ebaa99b401f4197cd99df36cb0f307e4385a98886ded3b4deb6b967

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d4d7b84535383728ea8a5bb68b04a3d

    SHA1

    94029b966a78b13c2f94a0ad0a8f6c46839d437d

    SHA256

    4f101ef4c362112ac0cd42f5dae2342e8b781c868dc1d2a12228d2e17229dc86

    SHA512

    a6afa5cd1087947119c0ee265dcb2cc87cae5e50191c6e8598c8d1295b11de3eed467233c6104b3dc1bf2e94d03d9c5a96ae1c6c6a96583aa07a5c9fcb480674

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b0848fadc85c8cd29aea1018d39a889

    SHA1

    eecdc851dba55742cbe2a7d57ea6e40c04472e6d

    SHA256

    20afc97ebdaf1b9f27b2dc140f1c34ec41733d54cfa2bc20ecd86e79d5840149

    SHA512

    e83ca7bc98993b9fe8685614ea84903d8c56ed7226befeb6437294c2a3a6fd0dd9d56112fa3fa55a7a0b2aaa7ceef57579017dded517f2117f01cdef673dab7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0a0788b766ea5d01b3755153762061f

    SHA1

    4d418b20be57cd49b65122476965310b04e14bb9

    SHA256

    85135d8b4cc59b86a4ac802bba3b841b9250c2e2da7ee96bb8c5a58bd436b3ef

    SHA512

    79771af88a441c405206b95768279ba2ea8f25f2acc4d963a08dc792529821eb80e26bff365ad78d755583e8903b2dce1cd85b42740d62478f849909d2dacf1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    245eeb25347a22b1c00bda018ac7567c

    SHA1

    c0253608ad2293e641e546b117b402a8b9527f8f

    SHA256

    5ca6b4365a1e2c062a0aa9a8353fc11ac18fdecfb324a6063a4776c12b5a39b6

    SHA512

    7e54ae9dc6f2bc3728b3eff00a255b919bda6b879d43b77e53187aedaa1c9a18a07afdd50582e950504dcf8a3a3f7dc1351bb887457abb186c63a78d0960872c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73ce0097cfe0867d31135cd60f74e9cb

    SHA1

    3ae06d82dc2b9b93371578e650dab383958f0054

    SHA256

    410d4ded45571886316da16a464d98f6743603ba9c42895812e80ff41fc25190

    SHA512

    31f78d972976d27f1180229ea32195cba9bb71413a7c638c35f47d372fe005c8d81298ec2566df1eedb9b0842966784e508e6527b7d3a38ee726fc8db545ae5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa1c8669351c503be0eff08f246a2134

    SHA1

    61ab5ec9124e36935e7cdff4723e32f72dc10823

    SHA256

    26bb2b5f0bda277f78336d6f475b44f301af41c15c3d1210b6a91c85fc6040a8

    SHA512

    4a50135a1d3febc5ef4317560c50a256573f4c49a0ca8516590fe0526ded150f35f00766b005db4c92632bf2447016280748e8596f83487ad131b7ece155ae29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46a2c5969fa8ddc2ccd15792031414ed

    SHA1

    06c0f0b6e289a6d83b77e41a0ba07af7e1a8ee2b

    SHA256

    f6ddef9eb1dc7787a62f03114806bb18b9cb5bc6a1eaa20a904d4c582eb90b93

    SHA512

    3c78cb4249cced0fc63dd5890d92496c172e7e70ce7a1f2680fd99dbb2df56cd6554954dd1c7be53c40620516528bf4b8a65e3e93824da428f93333f61cc7db1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93db7abd60c06c572d967d1f701768ab

    SHA1

    c01c3a9d2969073c70dbd1c61ab8d24b8b4b4ad0

    SHA256

    eebe6205ccc1d07a13443fcdc9568062ebd4f75e31736228f75a88ba7045c0f4

    SHA512

    cb68f24ffdfb8f0e06e3738fbc94f8d38e9aa9b59fd4be0b1c28c366918e47adb7b55e28377f9c6a517439b415a780cb22cd9eaadb5055a9a582920625c24240

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f030bf6e95ff89d67a8173f76cbb69e4

    SHA1

    484fe3f7616f34289531d51ea1a0777701e70bdf

    SHA256

    e06b6f96b0039e158906c0b8d42a670fa3e088167ced8f36c69a0640788a5639

    SHA512

    d048e2a3e5064028bfbf65c78c034a435a0a5dbb6795a1de8f7753aa84fc9a69b3cc5b3769afa6b48a93e96ed807ba421e8b88db4a0266ce30eb318cd516de44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1adacae785ee09bc504af78115e06523

    SHA1

    d645c55050b647444df16d69964191397e947538

    SHA256

    ea148b07efb43e0707924601956205692dd63b097bd60ba2e18165b975983151

    SHA512

    675e6fc39b96704c5411f38f9d89ead74a758a2cbdde5617c33483e218403231f864a2217afbb98828d55124684aeb7d661862324b6621c1520786426b24d4ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9000d664438bd738eaa1567a5009918f

    SHA1

    f501afc233d1feddb30c10bf4b43d1e5e4e61964

    SHA256

    2bcbbedbfa923b321a7abada17962c4310857d3f7ab5b4468a8f283c1feaf316

    SHA512

    012883c4712797c613f3037b72b91e9f256e67094c3cb9eb90db3fbadf38f1f75aa669248941e7b8d1f9894ea2fca88a1ef33be421450fa91ee17ed54b480e0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd4959b290161e6d7922f6caaffbad75

    SHA1

    4d2beeca17aefeea5cb002bfcb60eecfb28d0019

    SHA256

    473c1b636a347f44b9d356e7146aab33991c53f8deb88087d6cb742aabf9a0a6

    SHA512

    52e99637a5494b4b4c7acb3a49447f4f5c517ee1136c8ca2a452a32403707139b994f3cba216dbd086450504abaecebfffb29dad1f303ac759507c329aa77a8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCAFF.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCBC2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2012-0-0x0000000000160000-0x0000000000170000-memory.dmp

    Filesize

    64KB

    Download