Overview

overview

8

Static

static

3

doudou_BL_...ai.exe

windows7-x64

7

doudou_BL_...ai.exe

windows10-2004-x64

7

$PLUGINSDI...up.exe

windows7-x64

8

$PLUGINSDI...up.exe

windows10-2004-x64

8

$PLUGINSDI...sW.dll

windows7-x64

3

$PLUGINSDI...sW.dll

windows10-2004-x64

3

$PLUGINSDI...86.exe

windows7-x64

7

$PLUGINSDI...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe

  • Size

    100.4MB

  • MD5

    cd7120f0525e25a7f468ba659c2f09ec

  • SHA1

    794dac92693ebdecb09aee22c92cc1022d6e089e

  • SHA256

    73ce1277ab8bd148f5c40e121c1fd7710acb1443e074c0f926b871c36f0f35bc

  • SHA512

    3d6e0eb2edc54697e9bae03ddde0b49393ae21ad358a01732d15d1057f65e50d6c1c08748c2a6e586df34613eb1a4db3605dc651c39792502b49252e4837aaed

  • SSDEEP

    3145728:7jtmK+4P8V7Hfi+pu/NazL2AkrMJ/OBLaCq1b3/:AK+HV7/i+aa3NCe/

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe
    "C:\Users\Admin\AppData\Local\Temp\doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsdC562.tmp\System.dll
    Filesize

    12KB

    MD5

    8cf2ac271d7679b1d68eefc1ae0c5618

    SHA1

    7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    SHA256

    6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    SHA512

    ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nsdC562.tmp\setupdll.dll
    Filesize

    3.1MB

    MD5

    8473801a9762f5bfe901cb84680307ad

    SHA1

    362f43a2d1a4dc25c1b9c42f6162c9a7bb3888ea

    SHA256

    3860d0f62b906dd18bb7ef31b46ec8f04b1b07e6623bf607ab07907b2766c80d

    SHA512

    cc133c7364dcd5a7151498632ccd4144f667616b398ac06578e662b186201410d792e2147115c7c3f15535f25c052782209e23b2d639809ce193704450ba3d55

    Download Submit
  • memory/1308-14-0x0000000002B70000-0x0000000002BB0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1308-15-0x0000000002B70000-0x0000000002BB0000-memory.dmp
    Filesize

    256KB

    Download