Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/08/2024, 05:49

General

  • Target

    YoudaoDict_crsky.exe

  • Size

    5.0MB

  • MD5

    722107a7992c996f3cd6643ada68a5b2

  • SHA1

    5efcb4d387160e15fe8580243eb55918ef2321af

  • SHA256

    c03e16449f67eeb2f73ac2dcf61b1dcc0a6f7520f97844931244b1646b4784b2

  • SHA512

    20e5397d6eb04f68e706ffc0253df4bf094ede2270e2c565fa6142a2707d672f676e714b656f80b0be67d8094ac73268c40f5c1e6de12e7a0b27030422d8f88d

  • SSDEEP

    98304:1CnulpP58XxoZPhp4xzJE+wvvgUMfbEH6jZ1R0FmuCieOQLNbpUUGaA:1CnapOXxoZPhKxzJMngU6bEaZ18mbNbc

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YoudaoDict_crsky.exe
    "C:\Users\Admin\AppData\Local\Temp\YoudaoDict_crsky.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2292

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsj2001.tmp\ioSpecial.ini

    Filesize

    996B

    MD5

    cc7c65b56dfb726fe223fb7bd15ffa3d

    SHA1

    3bbc997be3f9e800f1c16f3137a205610cec0fc7

    SHA256

    c48cfae8da09e501eb6f3b21b31d802c05b3c4d4b5e67f7d8df1f0750106fb3e

    SHA512

    b1576fd33399e4187f13c83b83288f0d7dd2b43b9ebbcf5cd8cb0bd62afbafcfdd1134a9c2bee0077ad371b3cb3ce5d0895db8f8369bc306b647ff9401d5b825

  • \Users\Admin\AppData\Local\Temp\nsj2001.tmp\InstallOptions.dll

    Filesize

    33KB

    MD5

    c6e1bd79c42fae30f95db66d168ca034

    SHA1

    7cdd4a01b55b5e99b3f007e67c0f403e996af456

    SHA256

    4f13328bf6a006897b0ea5481a27fc96bc1edcf7eeb9816023f583471af2d5bb

    SHA512

    3b3214907be4c54362d615cdbe1dd7993fe825c8ae8cca76c8e27549bb3155a9c4970c2cf2711a97bf280f1958cf1aa41864226e2a68d32e6343c3704a9856f1