Overview

overview

7

Static

static

5

613e2610f5...7N.exe

windows7-x64

7

613e2610f5...7N.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

kuaibo.exe

windows7-x64

7

kuaibo.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Codecs/CoreAVC.dll

windows7-x64

5

Codecs/CoreAVC.dll

windows10-2004-x64

5

Codecs/FLV...er.dll

windows7-x64

3

Codecs/FLV...er.dll

windows10-2004-x64

3

Codecs/MP4...er.dll

windows7-x64

3

Codecs/MP4...er.dll

windows10-2004-x64

3

Codecs/Mat...er.dll

windows7-x64

3

Codecs/Mat...er.dll

windows10-2004-x64

3

Codecs/Mpa...er.dll

windows7-x64

3

Codecs/Mpa...er.dll

windows10-2004-x64

3

Codecs/QMV...er.dll

windows7-x64

3

Codecs/QMV...er.dll

windows10-2004-x64

3

Codecs/Qmv...er.dll

windows7-x64

3

Codecs/Qmv...er.dll

windows10-2004-x64

3

Codecs/Qvo...ec.dll

windows7-x64

3

Codecs/Qvo...ec.dll

windows10-2004-x64

3

Codecs/QvodSound.dll

windows7-x64

3

Codecs/QvodSound.dll

windows10-2004-x64

3

Codecs/QvodSource.dll

windows7-x64

3

Codecs/QvodSource.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    26s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kuaibo.exe

  • Size

    3.2MB

  • MD5

    f31f3458c48c12fa3d162a0bd2cbe15c

  • SHA1

    54b652afd8dc0ebbe28efa9fd0f7c307c649c800

  • SHA256

    6aa930e3e237db31ebd8df64e839767c3b21a9d310a941e4f6f2cb1fafd98210

  • SHA512

    91f0642b9f08337237ee127cb0488fd21716b5c3bea649c8668cc52de2f4903fc154f38d7f8121dab4ff312da40a80a370f9115d86f828d2000ac27f765955e7

  • SSDEEP

    98304:ggHhFtKcEsdW+phMOFkQ+2f7SPHOuY3AZVkSLJU:g2Kcnh/bBuOKjNU

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Drops file in Program Files directory 45 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kuaibo.exe
    "C:\Users\Admin\AppData\Local\Temp\kuaibo.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd6CB9.tmp\ioSpecial.ini
    Filesize

    784B

    MD5

    e2c4be174af850de71e835b1a014fa2d

    SHA1

    484203ee0b3f3f0bb2703a9e288d6b9f2440bedb

    SHA256

    ba83eed573c7f0982afc4940ff78a292d778e63e48db986c0b00ceeb21c7ac89

    SHA512

    bbea41e554d2eefc6583bef5af79e88b9c86988cced04bcaf8a8c30c93ab91e19bf43cd03cc7f20e9985444e92d796b8921a787a3fb8091199cd6908122a6b52

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd6CB9.tmp\ioSpecial.ini
    Filesize

    706B

    MD5

    4022f61e15633dca1b03b8fca48f5441

    SHA1

    3623e87852dc1d2d477d9f03ee55f39b0f269362

    SHA256

    df19587cd88ad5ff7a9fe986c6651db44006d2a56aa18a390945dce511fef06f

    SHA512

    a9e4bf8e48609e2ce243d98136e9980854a4aa9933a2fad77fcbbde5bc2523a7081185068ba051f3c46f2b5700f8f09b5c5486b0475f1e38f859dba50eca0061

    Download Submit

  • \Program Files (x86)\QvodPlayer\NetUtil.dll
    Filesize

    134KB

    MD5

    f35c3050cf7db1095c50b788f2a8fca8

    SHA1

    2279c47413f9ea033eb12a275f56104c9c4cdf72

    SHA256

    df2fdefb72a3c8c346726c9e2788d8e84cfff44652abf235d86e8e2a618058f4

    SHA512

    7e6a9298903c3a94bca054e8333fc27cc588f4ffe493f42f98486888b297a265f9cd9dde38c592ca953ee64bbe364e7f6da64aaae231b43aca05055ae597f05d

    Download Submit

  • \Program Files (x86)\QvodPlayer\PlayCtrl.dll
    Filesize

    163KB

    MD5

    4907451bf7537380a4b0fac6b73d7ebd

    SHA1

    2d0fe6b1909a7aa4f872bbeb1fe7d0f52e655f59

    SHA256

    9c3934025f4711ac3c1c49e7777505fca44ad750b69b714eca4a274b9287c9a2

    SHA512

    2e054c08926c91ee4bac9ac7366a0ab1c184a98d9ac64ea14744e8d37e26672dc4ec20abaa788856ff5002dc543cc78d9c090ba05de18ca262ec19b3e6e33a83

    Download Submit

  • \Program Files (x86)\QvodPlayer\QvodStatistic.dll
    Filesize

    112KB

    MD5

    bd4a461f7acb661d1bda3e9dc0b2175c

    SHA1

    3b4d5eb452d0d65a0c534c8411f2db8ffd3503df

    SHA256

    bfde8938d04dba3027f448082c04e544f244f622282e3acd3f65fadb060e2eda

    SHA512

    3e48cdc1a88701b4c9d6b78439064b56a113cbaef17310d155b17740396be5414cf17efdf8bd422b99bbfedaf079e608cf7ad263ae2c904ab1986da24a12a987

    Download Submit

  • \Program Files (x86)\QvodPlayer\npQvodInsert.dll
    Filesize

    661KB

    MD5

    0a6324504898ad0410efd545c9751399

    SHA1

    ba5c1251dd11f9f1df1536fed808c907fa796043

    SHA256

    cec6ed44920f1ec1b092d2c7f0114f043092c734b26c964611e138e43fe57889

    SHA512

    a9e61904af3cb8e36ea9b739f62218857a521a197eb7078af4fb3f4c570f0c5c706de1e27a2206ce949e5a70ee4e4e9ba2a5b9859be6a424e65610a1b02725bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd6CB9.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    67d8f4d5acdb722e9cb7a99570b3ded1

    SHA1

    f4a729ba77332325ea4dbdeea98b579f501fd26f

    SHA256

    fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    SHA512

    03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd6CB9.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • memory/2816-52-0x0000000006CE0000-0x0000000006D89000-memory.dmp

    Filesize

    676KB

    Download

  • memory/2816-57-0x0000000002A70000-0x0000000002A90000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2816-61-0x0000000007910000-0x0000000007932000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2816-65-0x0000000007940000-0x0000000007969000-memory.dmp

    Filesize

    164KB

    Download