Overview
overview
7Static
static
3YoudaoDict...lt.exe
windows10-2004-x64
7$PLUGINSDI...er.exe
windows10-2004-x64
3$PLUGINSDI...st.dll
windows10-2004-x64
3$PLUGINSDI...ng.dll
windows10-2004-x64
3$PLUGINSDI...ar.dll
windows10-2004-x64
3$PLUGINSDI...oc.dll
windows10-2004-x64
3$PLUGINSDI...tn.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...on.exe
windows10-2004-x64
$PLUGINSDI...er.exe
windows10-2004-x64
3$PLUGINSDI...ar.exe
windows10-2004-x64
3$PLUGINSDIR/child.rtf
windows10-2004-x64
18.10.0.0/CrashRpt.dll
windows10-2004-x64
38.10.0.0/Monitor.exe
windows10-2004-x64
38.10.0.0/T...32.dll
windows10-2004-x64
38.10.0.0/T...64.dll
windows10-2004-x64
18.10.0.0/W...32.dll
windows10-2004-x64
38.10.0.0/W...64.dll
windows10-2004-x64
18.10.0.0/XDLL.dll
windows10-2004-x64
38.10.0.0/Y...ct.dll
windows10-2004-x64
38.10.0.0/Y...t7.dll
windows10-2004-x64
38.10.0.0/Y...st.exe
windows10-2004-x64
38.10.0.0/Y...er.exe
windows10-2004-x64
38.10.0.0/Y...gin.js
windows10-2004-x64
3$PLUGINSDI...se.rtf
windows10-2004-x64
1$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ow.dll
windows10-2004-x64
3$PLUGINSDI...cy.rtf
windows10-2004-x64
1$_67_/Inst...on.exe
windows10-2004-x64
3$_67_/Youd...er.exe
windows10-2004-x64
3uninst.exe
windows10-2004-x64
7Resubmissions
05-11-2024 09:43
241105-lpwmlsydrh 705-11-2024 09:39
241105-lm15bazbnl 705-11-2024 09:32
241105-lh19hsxrbx 7Analysis
-
max time kernel
300s -
max time network
305s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
05-11-2024 09:39
Behavioral task
behavioral1
Sample
YoudaoDict_webdict_default.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/InstallHelper.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LockedList.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/OP_Logging.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/OP_ProgressBar.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/OP_WndProc.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/SkinBtn.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/YoudaoDictIcon.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/YoudaoDictInstaller.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/YoudaoToolbar.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/child.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
8.10.0.0/CrashRpt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
8.10.0.0/Monitor.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
8.10.0.0/TextExtractorImpl32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
8.10.0.0/TextExtractorImpl64.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
8.10.0.0/WordStrokeHelper32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
8.10.0.0/WordStrokeHelper64.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
8.10.0.0/XDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
8.10.0.0/YodaoDict.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
8.10.0.0/YodaoDict7.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
8.10.0.0/YoudaoCookieAssist.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
8.10.0.0/YoudaoDictHelper.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
8.10.0.0/YoudaoDictPlugin.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/license.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsisSlideshow.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/privacy.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
$_67_/InstallDaemon.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$_67_/YoudaoDictInstaller.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
uninst.exe
Resource
win10v2004-20241007-en
General
-
Target
YoudaoDict_webdict_default.exe
-
Size
44.1MB
-
MD5
ef0ec7639a2327198d32e8d528a7a2db
-
SHA1
fc6917fabd33972667ff5b3eb38089e5c96b0ced
-
SHA256
bad7d78cbcfd337d88acfc3103dcb81a6ec572c4a7aca341cee073604157b5e9
-
SHA512
0b5966fe0108156f61d1cebbe747aff151ded0e415199e3c9b8f2511d69c9e21a8d14c6f19381989696966f192ff1f62f80e37e0c095a5af6b04a27fcbe0a4a1
-
SSDEEP
786432:9Zf+ZXfZzcbxjb4/SYJfiUCcdN8HeQgUQKtmLMUlW0QXVtDe8Yyfa8:7f+ZXhKjk/TJqUv/QgUQ0mLxXUDeCr
Malware Config
Signatures
-
Loads dropped DLL 6 IoCs
pid Process 3556 YoudaoDict_webdict_default.exe 3556 YoudaoDict_webdict_default.exe 3556 YoudaoDict_webdict_default.exe 3556 YoudaoDict_webdict_default.exe 3556 YoudaoDict_webdict_default.exe 3556 YoudaoDict_webdict_default.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YoudaoDict_webdict_default.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
95KB
MD55a94bf8916a11b5fe94aca44886c9393
SHA1820d9c5e3365e323d6f43d3cce26fd9d2ea48b93
SHA2560b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d
SHA51279cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20
-
Filesize
48KB
MD5765cf74fc709fb3450fa71aac44e7f53
SHA1b423271b4faac68f88fef15fa4697cf0149bad85
SHA256cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e
SHA5120c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6
-
Filesize
4KB
MD529818862640ac659ce520c9c64e63e9e
SHA1485e1e6cc552fa4f05fb767043b1e7c9eb80be64
SHA256e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb
SHA512ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057
-
Filesize
11KB
MD5bf712f32249029466fa86756f5546950
SHA175ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA2567851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
SHA51213f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
-
Filesize
38KB
MD5a8aad0bbeab0b6890a01ae96e021de89
SHA17c6d6d23c24ce694fe453e16d65c4d030addcced
SHA25693ddd683f0aff0d0ef83d9256d925aa4cff97bde8a19f7868946b378416fb76b
SHA5127211b259907f46c63fa668c4534c2ee68e88ec7659052ee0d6a7398aa1513308a4ccee596cedc43ed713ac64b3307bc4ce3ac823377d64c94072e30cd7e8ff27
-
Filesize
38KB
MD5bf79dc7f118e58a1be313a250106e277
SHA1ed2d21493244090059225f3d47f5fc20e75f0c29
SHA256a8507e762a8abce98c7ba16b322927243492a9ff3bcfbd0e75f05fbcec1f1439
SHA51259582b7484a16d10160331d60779c983587a57dbddbe318d5069299e850b8c66afc15e744e1f18f8ad5cd55f637aaeb5ee01724b571a5068a9202ce676cde94d
-
Filesize
116KB
MD59521f2ab5ffd201e8d18336aff17b35f
SHA114057ed5cd521d672e101f40c363e04566763482
SHA256648dfe8f47610a6a078d9cebc7da17ec577354c1877e9180fc58dff5415bc497
SHA512312ecaf39d973a62b3f144def64e72a7fdc532bdaf4d245b7f0475db0b84357349a9cfc4dcca261621d997bf4cdd5955daf86bac3a1d579d75c90b670d3aa93c
-
Filesize
3KB
MD58fbdda129fc2e7f63497c33022318d05
SHA1480e061e9454e8b025468811d8b9919c7d08b9b4
SHA2564ebd1a0dbc8d25da6659013705d4d6810b2e378e176354589697ad7ce71522dc
SHA5122e88b65e56f4642d7e506343f523a9840d58a5a4c52abdd6442ea772c536bc7a957ff9376376649acef404baeb2eba1cd1866235454b258561575f230e0a6afe
-
Filesize
9KB
MD54ccc4a742d4423f2f0ed744fd9c81f63
SHA1704f00a1acc327fd879cf75fc90d0b8f927c36bc
SHA256416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
SHA512790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb