Overview

overview

7

Static

static

3

YoudaoDict_crsky.exe

windows7-x64

7

YoudaoDict_crsky.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Acrobat2Dict.dll

windows7-x64

3

Acrobat2Dict.dll

windows10-2004-x64

3

CrashRpt.dll

windows7-x64

3

CrashRpt.dll

windows10-2004-x64

3

InstallDaemon.exe

windows7-x64

3

InstallDaemon.exe

windows10-2004-x64

3

Monitor.exe

windows7-x64

3

Monitor.exe

windows10-2004-x64

3

RunDict.exe

windows7-x64

7

RunDict.exe

windows10-2004-x64

7

TextExtrac...32.dll

windows7-x64

3

TextExtrac...32.dll

windows10-2004-x64

3

TextExtrac...64.dll

windows7-x64

1

TextExtrac...64.dll

windows10-2004-x64

1

WordBook.exe

windows7-x64

3

WordBook.exe

windows10-2004-x64

3

WordStroke...32.dll

windows7-x64

3

WordStroke...32.dll

windows10-2004-x64

3

WordStroke...64.dll

windows7-x64

1

WordStroke...64.dll

windows10-2004-x64

1

XDLL.dll

windows7-x64

3

XDLL.dll

windows10-2004-x64

3

background.html

windows7-x64

3

background.html

windows10-2004-x64

3

lookup.js

windows7-x64

3

lookup.js

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-08-2024 05:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YoudaoDict_crsky.exe

  • Size

    5.0MB

  • MD5

    722107a7992c996f3cd6643ada68a5b2

  • SHA1

    5efcb4d387160e15fe8580243eb55918ef2321af

  • SHA256

    c03e16449f67eeb2f73ac2dcf61b1dcc0a6f7520f97844931244b1646b4784b2

  • SHA512

    20e5397d6eb04f68e706ffc0253df4bf094ede2270e2c565fa6142a2707d672f676e714b656f80b0be67d8094ac73268c40f5c1e6de12e7a0b27030422d8f88d

  • SSDEEP

    98304:1CnulpP58XxoZPhp4xzJE+wvvgUMfbEH6jZ1R0FmuCieOQLNbpUUGaA:1CnapOXxoZPhKxzJMngU6bEaZ18mbNbc

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\YoudaoDict_crsky.exe
    "C:\Users\Admin\AppData\Local\Temp\YoudaoDict_crsky.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsz6B3F.tmp\InstallOptions.dll
    Filesize

    33KB

    MD5

    c6e1bd79c42fae30f95db66d168ca034

    SHA1

    7cdd4a01b55b5e99b3f007e67c0f403e996af456

    SHA256

    4f13328bf6a006897b0ea5481a27fc96bc1edcf7eeb9816023f583471af2d5bb

    SHA512

    3b3214907be4c54362d615cdbe1dd7993fe825c8ae8cca76c8e27549bb3155a9c4970c2cf2711a97bf280f1958cf1aa41864226e2a68d32e6343c3704a9856f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz6B3F.tmp\ioSpecial.ini
    Filesize

    996B

    MD5

    3f7bd8effd236340bf61c0171e63d8ca

    SHA1

    fe001e995654ec3ec64a488f6bfd72548f1884be

    SHA256

    31557c21c8457bcbb02209636f3067d4ca2fa9a39cfaf31d72c54528721de033

    SHA512

    e9d4d0d2e486f1302c38d058a340065cd747087f30e4ff26f3fac03c6b70f5de46021bf3c6cadb17f8795e67243f2d1f3180cb7a916a615b32775b3fe57fcf0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz6B3F.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    9ac7a316838c86855ea0283dddf6467a

    SHA1

    9c1d59203ebeb7f433cf5643a379006ebe02cdf4

    SHA256

    4475fc7bb3033792b7108996fb85f15c09906c42e47f35c7ea814ef857a99b1a

    SHA512

    7609e2384084b0f71b64d453eb2ee54e01ac271102eee394e55e7715a20c16f9f822356f73d7029522a88800965c2e8290bf20d05a94584054550a7d61dbbef0

    Download Submit