Overview

Target                  Platform            Score
overview                -                   10
Static                  static              7
ha_xint4.3_lrh.exe      windows7-x64        7
ha_xint4.3_lrh.exe      windows10-2004-x64  7
$PLUGINSDI...ns.dll     windows7-x64        3
$PLUGINSDI...ns.dll     windows10-2004-x64  3
$PLUGINSDI...nu.dll     windows7-x64        3
$PLUGINSDI...nu.dll     windows10-2004-x64  3
$PLUGINSDI...em.dll     windows7-x64        3
$PLUGINSDI...em.dll     windows10-2004-x64  3
$PLUGINSDIR/nsweb.dll   windows7-x64        3
$PLUGINSDIR/nsweb.dll   windows10-2004-x64  3
$TEMP/123.exe           windows7-x64        7
$TEMP/123.exe           windows10-2004-x64  7
$TEMP/noui.exe          windows7-x64        7
$TEMP/noui.exe          windows10-2004-x64  7
$TEMP/zwsw.exe          windows7-x64        8
$TEMP/zwsw.exe          windows10-2004-x64  8
ReplacingNotepad.bat    windows7-x64        5
ReplacingNotepad.bat    windows10-2004-x64  5
uninst.exe              windows7-x64        7
uninst.exe              windows10-2004-x64  7
xint.exe                windows7-x64        10
xint.exe                windows10-2004-x64  10
非常世�...��.url        windows7-x64        1
非常世�...��.url        windows10-2004-x64  1

Analysis
max time kernel:  117s
max time network: 119s
platform:         windows7_x64
resource:         win7-20240221-en
resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted:        04/07/2024, 01:14
Behavioral tasks

Task          Sample                          Resource
behavioral1   ha_xint4.3_lrh.exe              win7-20240221-en
behavioral2   ha_xint4.3_lrh.exe              win10v2004-20240508-en
behavioral3   $PLUGINSDIR/InstallOptions.dll  win7-20240508-en
behavioral4   $PLUGINSDIR/InstallOptions.dll  win10v2004-20240508-en
behavioral5   $PLUGINSDIR/StartMenu.dll       win7-20240508-en
behavioral6   $PLUGINSDIR/StartMenu.dll       win10v2004-20240611-en
behavioral7   $PLUGINSDIR/System.dll          win7-20231129-en
behavioral8   $PLUGINSDIR/System.dll          win10v2004-20240611-en
behavioral9   $PLUGINSDIR/nsweb.dll           win7-20240611-en
behavioral10  $PLUGINSDIR/nsweb.dll           win10v2004-20240611-en
behavioral11  $TEMP/123.exe                   win7-20240221-en
behavioral12  $TEMP/123.exe                   win10v2004-20240611-en
behavioral13  $TEMP/noui.exe                  win7-20240611-en
behavioral14  $TEMP/noui.exe                  win10v2004-20240611-en
behavioral15  $TEMP/zwsw.exe                  win7-20231129-en
behavioral16  $TEMP/zwsw.exe                  win10v2004-20240508-en
behavioral17  ReplacingNotepad.bat            win7-20240508-en
behavioral18  ReplacingNotepad.bat            win10v2004-20240508-en
behavioral19  uninst.exe                      win7-20240419-en
behavioral20  uninst.exe                      win10v2004-20240508-en
behavioral21  xint.exe                        win7-20240508-en
behavioral22  xint.exe                        win10v2004-20240611-en
behavioral23  非常世纪资源网.url              win7-20240611-en
behavioral24  非常世纪资源网.url              win10v2004-20240611-en
General

Target:  $TEMP/123.exe
Size:    238KB
MD5:     eb18db4401a41b7643dc2d20cd311a21
SHA1:    f86498dbd02816979b4ca272b7f916e8f62e3c43
SHA256:  aae2deac33f1548e95295238f4bd83af39a4abe7904f0455f1f7ecfd213a196f
SHA512:  51b0a4419970bb1191694b5708a82ccb96e587954a77f19345ee95b8d2ffe9205fd13da747b4da76094b84c608f3d5bac56eb650d8f5d8a1888e57a0d90ae135
SSDEEP:  6144:LhF2fYHipbBER+iH3vIEuiAvxJsKW4nflzxhRghOisOe:lUnRqgwvBu5wKvflFfiG
Malware Config
Signatures
Loads dropped DLL (2 IoCs)

pid   Process
1460  123.exe
1460  123.exe

Drops file in Program Files directory (64 IoCs)
description ioc Process File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ƴ$'°± 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\›#'x™ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Öl!'Àn 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÞD!'¸F 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\–B!' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\img\imglist.bmp 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Pãô˜ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ž&'ø 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\žð9'øò 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Î>'¨ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¦Ú;'Ù 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¾:'“ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\®=' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\N ='( 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ћãô˜ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ÿ&'€ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\î* 'È( 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\þŸ"'Ø 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\FW?'0U 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\>ƒ>'˜ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\æv='Ðt 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\FÀ;'0 123.exe File opened for modification C:\Program Files 
(x86)\baidu\bar\BDBar_tmp\î¾('ȼ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\öÄ''àÆ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\n¨''Hª 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\‘''h“ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ù!'hÛ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\f='P 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\&!'h$ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\>¤ '˜¦ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\V5>'@7 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ŽÅ;'èÇ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¦h:'k 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ˆæ]w 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\î•&'È— 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Æ&'° 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\FV:'0T 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\vÔ9'`Ö 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¦ü"'ÿ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\f…>'P‡ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\F{<'0y 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ö´;'À¶ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\®²;'± 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\F ;'0 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\F '0 123.exe File opened for modification C:\Program Files 
(x86)\baidu\bar\BDBar_tmp\öy>'à{ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\6Ï;' Í 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\vù;'`û 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\–Ó:' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¶ã&' â 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\&X#'Z 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\æR 'ÐP 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\†ª&'ð¨ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¶+!' * 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\FŸ9'0 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\\;'€- 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\öê:'àè 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¦J''I 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¼%'x¾ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ö'"'À% 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¦Ø%'Û 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\î¹#'È» 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\fÓ"'PÑ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\6%' 123.exe -
NTFS ADS (47 IoCs)
description ioc Process File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\&Ä:'Æ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\.œ:'ˆž 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\†ƒ:'ð 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\6]:' _ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\N.:'(, 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ná:'(ã 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\fö:'Pô 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\>ì:'˜î 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\·:'hµ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\v:'` 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Öý:'Àÿ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\®û:'ú 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¾:'“ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Ž[:'èY 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\L:'xN 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ö3:'à1 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\n:'H 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\†8%'ð: 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\®@:'C 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Þ":'¸ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\æš:'И 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\nÎ:'HÌ 123.exe File opened for modification C:\Program Files 
(x86)\baidu\bar\BDBar_tmp\ž«:'ø© 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\V¦:'@¤ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\îr:'Èp 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\~g:'Xe 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\n8<'H: 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\–Ó:' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¶¸:' » 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÖJ:'ÀH 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ÞÕ:'¸× 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\t:'€v 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\¦h:'k 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\FV:'0T 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\f?:'P= 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\–:' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\& :' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\þ:'Ø 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\ß:'pÝ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\þÂ:'ØÀ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Æ:'°¯ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\Î…:'¨‡ 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\^~:'8| 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\>5:'˜7 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\$:'p& 123.exe File opened for modification C:\Program Files 
(x86)\baidu\bar\BDBar_tmp\¶:' 123.exe File opened for modification C:\Program Files (x86)\baidu\bar\BDBar_tmp\öê:'àè 123.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 584KB
MD5:      0c8ed82bce60e5e2860d9daa28289267
SHA1:     5ea9dcfadc426463c51e0abfc736a42dfc31f3e9
SHA256:   89bc3949eb1ab805b49f2699f0623796997ba7bf0f5acf9402f90ae5cd630d13
SHA512:   2a6b90d1ee12d88a9866b774de5b52b329beebbb9ce0c1655455020aeaddd0824cd3c38804e76f777b81fa5b149744b392ea8f904ba2eb71c6db779a0ef85830