Overview
overview
7Static
static
3imgdksetup.exe
windows7-x64
7imgdksetup.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3MSINET.dll
windows7-x64
1MSINET.dll
windows10-2004-x64
1bkDLControl.dll
windows7-x64
1bkDLControl.dll
windows10-2004-x64
1getradio.exe
windows7-x64
1getradio.exe
windows10-2004-x64
1sethui.exe
windows7-x64
1sethui.exe
windows10-2004-x64
1softup.exe
windows7-x64
1softup.exe
windows10-2004-x64
1start.exe
windows7-x64
1start.exe
windows10-2004-x64
1uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7yfDNetMenu.dll
windows7-x64
1yfDNetMenu.dll
windows10-2004-x64
1�...��.exe
windows7-x64
1�...��.exe
windows10-2004-x64
1新云软件.url
windows7-x64
1新云软件.url
windows10-2004-x64
1Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
22-07-2024 08:34
Static task
static1
Behavioral task
behavioral1
Sample
imgdksetup.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
imgdksetup.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MSINET.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
MSINET.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
bkDLControl.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
bkDLControl.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
getradio.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
getradio.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
sethui.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
sethui.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
softup.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
softup.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
start.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
start.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
uninst.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
uninst.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
yfDNetMenu.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
yfDNetMenu.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
ֽԶ.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
ֽԶ.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
新云软件.url
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
新云软件.url
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
ֽԶ.exe
-
Size
964KB
-
MD5
98e21af34c9d376647e2c71c7cf2dd29
-
SHA1
805f668eadd94c9b7f9b7c4d9485df7670a1fbc6
-
SHA256
26ee0517971745b62f1f4a828e111f4222befd15f9aeb5faad4d65671f1e7acc
-
SHA512
10d0597dde94bf12265c6a39728fd2382566b5d1e5bff7e23adbe2dd6485351833dd68b25220f6cc64513b934aecb645f10ae34a8bd3d8717a545f0af92a629d
-
SSDEEP
12288:4AUQY70B3g8j3m5LZUBO35sTtp6M0TPdf3g8j03Xu8ygSPxptaq8Zw:oQY70O8j3mE/6M0TPS8jwwcq8
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\0 ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ = "__bkDLControl" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\FLAGS\ = "2" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0 ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\TypeLib ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Control\ ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908} ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\TypeLib\ = "{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\MiscStatus ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1 ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\TypeLib ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} ֽԶ.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0 ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSINET.OCX" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\¹¤³Ì1.bkDLControl\ = "¹¤³Ì1.bkDLControl" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ = "__bkDLControl" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\TypeLib\Version = "1.0" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\ProgID ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSINET.OCX" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{20DD27F9-A698-4CD1-B995-1ED20DBDB6B9}\1.0\HELPDIR ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} ֽԶ.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID\ = "InetCtls.Inet.1" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{48E59290-9880-11CF-9754-00AA00C00908} ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0 (SP6)" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\MiscStatus\ = "0" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D97D589B-E6A5-4D73-8886-DDF05C712BB8}\MiscStatus\1\ = "147857" ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} ֽԶ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908} ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE216C05-52BF-4300-85E6-F4FD2A1DFF2D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5257B59E-5D6B-4EBA-B934-B54C47DCBC09}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" ֽԶ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" ֽԶ.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2620 ֽԶ.exe 2620 ֽԶ.exe