Overview
overview
7Static
static
3imgdksetup.exe
windows7-x64
7imgdksetup.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3MSINET.dll
windows7-x64
1MSINET.dll
windows10-2004-x64
1bkDLControl.dll
windows7-x64
1bkDLControl.dll
windows10-2004-x64
1getradio.exe
windows7-x64
1getradio.exe
windows10-2004-x64
1sethui.exe
windows7-x64
1sethui.exe
windows10-2004-x64
1softup.exe
windows7-x64
1softup.exe
windows10-2004-x64
1start.exe
windows7-x64
1start.exe
windows10-2004-x64
1uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7yfDNetMenu.dll
windows7-x64
1yfDNetMenu.dll
windows10-2004-x64
1�...��.exe
windows7-x64
1�...��.exe
windows10-2004-x64
1新云软件.url
windows7-x64
1新云软件.url
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
22/07/2024, 08:34
Static task
static1
Behavioral task
behavioral1
Sample
imgdksetup.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
imgdksetup.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MSINET.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
MSINET.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
bkDLControl.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
bkDLControl.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
getradio.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
getradio.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
sethui.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
sethui.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
softup.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
softup.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
start.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
start.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
uninst.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
uninst.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
yfDNetMenu.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
yfDNetMenu.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
ֽԶ.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
ֽԶ.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
新云软件.url
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
新云软件.url
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
softup.exe
-
Size
36KB
-
MD5
f8fe5994a901993b9915cfd19eff174f
-
SHA1
2ae87c3d055c5ada8dcb8d13a2f915c654490c39
-
SHA256
393b20e6531555e8f4f7e32a8e770c44708ab1472478f5edae1efa6685413457
-
SHA512
949d3142d4032d1ba00e3334e2321a37e30a350ec5b4c8daffcb112f8bc01f25e525bca33927ba4ed13bcaa4d84ce6ef3f23dbaed576eb2221019a81be6dd5d0
-
SSDEEP
384:zjj8fL5eZzd1nPSVVpD9uNMZDOraFwYwswMDZBLW77BdbKLTGzaOaz+ktzIDsSMj:zP8f9Qq7mapGqXGLMA8f
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908} softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bkDLControl.ocx" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\TypeLib softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\TypeLib softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\TypeLib\ = "{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\HELPDIR softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ProxyStubClsid32 softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\TypeLib\Version = "1.0" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\TypeLib\ = "{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSINET.OCX" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bkDLControl.ocx" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\VERSION softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ = "bkDLControl" softup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\¹¤³Ì1.bkDLControl softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1 softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D} softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\MiscStatus\ = "0" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0 softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ = "bkDLControl" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1 softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ = "_bkDLControl" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Control\ softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\ = "¹¤³Ì1" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ProxyStubClsid32 softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSINET.OCX" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\InprocServer32 softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\InprocServer32\ThreadingModel = "Apartment" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\TypeLib softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} softup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" softup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} softup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908} softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\FLAGS softup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ProxyStubClsid32 softup.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 5036 softup.exe 5036 softup.exe