Resubmissions

05-11-2024 09:43

241105-lpwmlsydrh 7

05-11-2024 09:39

241105-lm15bazbnl 7

05-11-2024 09:32

241105-lh19hsxrbx 7

Analysis

  • max time kernel
    300s
  • max time network
    305s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-11-2024 09:39

General

  • Target

    YoudaoDict_webdict_default.exe

  • Size

    44.1MB

  • MD5

    ef0ec7639a2327198d32e8d528a7a2db

  • SHA1

    fc6917fabd33972667ff5b3eb38089e5c96b0ced

  • SHA256

    bad7d78cbcfd337d88acfc3103dcb81a6ec572c4a7aca341cee073604157b5e9

  • SHA512

    0b5966fe0108156f61d1cebbe747aff151ded0e415199e3c9b8f2511d69c9e21a8d14c6f19381989696966f192ff1f62f80e37e0c095a5af6b04a27fcbe0a4a1

  • SSDEEP

    786432:9Zf+ZXfZzcbxjb4/SYJfiUCcdN8HeQgUQKtmLMUlW0QXVtDe8Yyfa8:7f+ZXhKjk/TJqUv/QgUQ0mLxXUDeCr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\YoudaoDict_webdict_default.exe
    "C:\Users\Admin\AppData\Local\Temp\YoudaoDict_webdict_default.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3556

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\LockedList.dll

    Filesize

    95KB

    MD5

    5a94bf8916a11b5fe94aca44886c9393

    SHA1

    820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

    SHA256

    0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

    SHA512

    79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\OP_WndProc.dll

    Filesize

    48KB

    MD5

    765cf74fc709fb3450fa71aac44e7f53

    SHA1

    b423271b4faac68f88fef15fa4697cf0149bad85

    SHA256

    cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e

    SHA512

    0c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\SkinBtn.dll

    Filesize

    4KB

    MD5

    29818862640ac659ce520c9c64e63e9e

    SHA1

    485e1e6cc552fa4f05fb767043b1e7c9eb80be64

    SHA256

    e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

    SHA512

    ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\System.dll

    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\btn_agree.bmp

    Filesize

    38KB

    MD5

    a8aad0bbeab0b6890a01ae96e021de89

    SHA1

    7c6d6d23c24ce694fe453e16d65c4d030addcced

    SHA256

    93ddd683f0aff0d0ef83d9256d925aa4cff97bde8a19f7868946b378416fb76b

    SHA512

    7211b259907f46c63fa668c4534c2ee68e88ec7659052ee0d6a7398aa1513308a4ccee596cedc43ed713ac64b3307bc4ce3ac823377d64c94072e30cd7e8ff27

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\btn_disagree.bmp

    Filesize

    38KB

    MD5

    bf79dc7f118e58a1be313a250106e277

    SHA1

    ed2d21493244090059225f3d47f5fc20e75f0c29

    SHA256

    a8507e762a8abce98c7ba16b322927243492a9ff3bcfbd0e75f05fbcec1f1439

    SHA512

    59582b7484a16d10160331d60779c983587a57dbddbe318d5069299e850b8c66afc15e744e1f18f8ad5cd55f637aaeb5ee01724b571a5068a9202ce676cde94d

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\btn_install.bmp

    Filesize

    116KB

    MD5

    9521f2ab5ffd201e8d18336aff17b35f

    SHA1

    14057ed5cd521d672e101f40c363e04566763482

    SHA256

    648dfe8f47610a6a078d9cebc7da17ec577354c1877e9180fc58dff5415bc497

    SHA512

    312ecaf39d973a62b3f144def64e72a7fdc532bdaf4d245b7f0475db0b84357349a9cfc4dcca261621d997bf4cdd5955daf86bac3a1d579d75c90b670d3aa93c

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\checkbox.bmp

    Filesize

    3KB

    MD5

    8fbdda129fc2e7f63497c33022318d05

    SHA1

    480e061e9454e8b025468811d8b9919c7d08b9b4

    SHA256

    4ebd1a0dbc8d25da6659013705d4d6810b2e378e176354589697ad7ce71522dc

    SHA512

    2e88b65e56f4642d7e506343f523a9840d58a5a4c52abdd6442ea772c536bc7a957ff9376376649acef404baeb2eba1cd1866235454b258561575f230e0a6afe

  • C:\Users\Admin\AppData\Local\Temp\nshB279.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    4ccc4a742d4423f2f0ed744fd9c81f63

    SHA1

    704f00a1acc327fd879cf75fc90d0b8f927c36bc

    SHA256

    416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

    SHA512

    790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

  • memory/3556-72-0x0000000074160000-0x0000000074166000-memory.dmp

    Filesize

    24KB

  • memory/3556-70-0x0000000074160000-0x0000000074166000-memory.dmp

    Filesize

    24KB

  • memory/3556-67-0x0000000007810000-0x0000000007811000-memory.dmp

    Filesize

    4KB

  • memory/3556-68-0x0000000074164000-0x0000000074165000-memory.dmp

    Filesize

    4KB

  • memory/3556-102-0x0000000074164000-0x0000000074165000-memory.dmp

    Filesize

    4KB

  • memory/3556-103-0x0000000074160000-0x0000000074166000-memory.dmp

    Filesize

    24KB