Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/09/2024, 05:02

General

  • Target

    temp/modules/netdict.exe

  • Size

    2.0MB

  • MD5

    7a0691b3541522327c9c0fcdac0acd37

  • SHA1

    4c20861ec41b96b568e0d9256735d27e4bf3236a

  • SHA256

    501c4258839ef9c9baf8d5f5e1eceb321ac5b403e99430352736e96c9248243c

  • SHA512

    fa7517064f519e19f79db9184dae342e095c8f962f1bf3445aacf95de5dbfb7ce8e408553d6b5813698a9ba30d52860b0ffea8d8201f8abec398b3cacbb55952

  • SSDEEP

    24576:8/xEbl2ZH/3Df2fVNR+z32S9Wyss8TuXaKdxh3CM9YmrPVaEQb2YMhZNlEnb90lC:8/xmYZfDf/rwyrqKsM9FZezjTkb38

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SendNotifyMessage (2 IoCs)
  • Suspicious use of SetWindowsHookEx (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\temp\modules\netdict.exe
    "C:\Users\Admin\AppData\Local\Temp\temp\modules\netdict.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2468

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\temp\modules\KwData\NetDict\user.ini

          Filesize

          90B

          MD5

          406ee9d70237a1f06837663339a61814

          SHA1

          67471bf9fa09caa8a4d673e6ae2d018c22d42faa

          SHA256

          5d6b5a3c94a292a696c7bd40d8969617b486337943918c88e5d3984c992488c8

          SHA512

          61d693ca84363d03c9096eb137cda66d4bed6e978c173760df41f8ca96ea6fb0e1b436d588bd133cf3e0b65b777a540931b00a57e083664d1c8d611e81d54f2b

        • C:\Users\Admin\AppData\Local\Temp\temp\modules\KwData\NetDict\user.ini

          Filesize

          41B

          MD5

          b07dfff4f279fbaaa85b934423dc4cc6

          SHA1

          91347705dba5469c7caa21b2da7034e774ee2b61

          SHA256

          24f7d775cfba1c31c80c4ea2eadcd133bb09e6f542a571e669af6ba3dcffacda

          SHA512

          06c3350b30f65ebd09c4c8b499f4341c30d81fcdd6952c8bc600e2c103799cb1174a9394306ff9824fabb0450111f88f6c682eaf3bdffd4d1da36e48f5b12efa