Overview

overview

7

Static

static

5

2de691adb4...2d.exe

windows7-x64

7

2de691adb4...2d.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

kuaibo.exe

windows7-x64

7

kuaibo.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Codecs/CoreAVC.dll

windows7-x64

5

Codecs/CoreAVC.dll

windows10-2004-x64

5

Codecs/FLV...er.dll

windows7-x64

3

Codecs/FLV...er.dll

windows10-2004-x64

3

Codecs/MP4...er.dll

windows7-x64

3

Codecs/MP4...er.dll

windows10-2004-x64

3

Codecs/Mat...er.dll

windows7-x64

3

Codecs/Mat...er.dll

windows10-2004-x64

3

Codecs/Mpa...er.dll

windows7-x64

3

Codecs/Mpa...er.dll

windows10-2004-x64

3

Codecs/QMV...er.dll

windows7-x64

3

Codecs/QMV...er.dll

windows10-2004-x64

3

Codecs/Qmv...er.dll

windows7-x64

3

Codecs/Qmv...er.dll

windows10-2004-x64

3

Codecs/Qvo...ec.dll

windows7-x64

3

Codecs/Qvo...ec.dll

windows10-2004-x64

3

Codecs/QvodSound.dll

windows7-x64

3

Codecs/QvodSound.dll

windows10-2004-x64

3

Codecs/QvodSource.dll

windows7-x64

3

Codecs/QvodSource.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    26s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    13-11-2024 00:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kuaibo.exe

  • Size

    3.2MB

  • MD5

    f31f3458c48c12fa3d162a0bd2cbe15c

  • SHA1

    54b652afd8dc0ebbe28efa9fd0f7c307c649c800

  • SHA256

    6aa930e3e237db31ebd8df64e839767c3b21a9d310a941e4f6f2cb1fafd98210

  • SHA512

    91f0642b9f08337237ee127cb0488fd21716b5c3bea649c8668cc52de2f4903fc154f38d7f8121dab4ff312da40a80a370f9115d86f828d2000ac27f765955e7

  • SSDEEP

    98304:ggHhFtKcEsdW+phMOFkQ+2f7SPHOuY3AZVkSLJU:g2Kcnh/bBuOKjNU

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Drops file in Program Files directory 45 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\kuaibo.exe
    "C:\Users\Admin\AppData\Local\Temp\kuaibo.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    PID:2252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsyCA24.tmp\ioSpecial.ini
    Filesize

    706B

    MD5

    c28958e10e32dc9a9f2f699b433886b3

    SHA1

    cdaf79dac60dd30b4523c27c1ecd9edf4ceb7d7b

    SHA256

    65b1783b21645535556f8df24b4fc2fd8a34e2d498048edee9a942096c6fcd09

    SHA512

    eafc606cb92cb5b5e80a53cdf07b136bb376a28c7b3c2b975133b6e3dee8b4ae51c84d883377ce9a179645ffe92ed0df6512e6ba90456c123228cd09704eb24c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyCA24.tmp\ioSpecial.ini
    Filesize

    784B

    MD5

    8b7c48325013412c9a765764238b49df

    SHA1

    8e01f3ff30af72faaeac3cb5a31bf54f76d9817e

    SHA256

    42107757ff7c6bfdaf324af3aa72ad0f6c1b1f93d90fd334a97794cb3ce657f7

    SHA512

    2682f71e68d184adde055f5ae211c1be4e5193f0e4d1274f979df64d18927759d83bf44655e35709b88c2e3e41f94dbba013f709467f4d04c79d62ae3ad58186

    Download Submit

  • \Program Files (x86)\QvodPlayer\NetUtil.dll
    Filesize

    134KB

    MD5

    f35c3050cf7db1095c50b788f2a8fca8

    SHA1

    2279c47413f9ea033eb12a275f56104c9c4cdf72

    SHA256

    df2fdefb72a3c8c346726c9e2788d8e84cfff44652abf235d86e8e2a618058f4

    SHA512

    7e6a9298903c3a94bca054e8333fc27cc588f4ffe493f42f98486888b297a265f9cd9dde38c592ca953ee64bbe364e7f6da64aaae231b43aca05055ae597f05d

    Download Submit

  • \Program Files (x86)\QvodPlayer\PlayCtrl.dll
    Filesize

    163KB

    MD5

    4907451bf7537380a4b0fac6b73d7ebd

    SHA1

    2d0fe6b1909a7aa4f872bbeb1fe7d0f52e655f59

    SHA256

    9c3934025f4711ac3c1c49e7777505fca44ad750b69b714eca4a274b9287c9a2

    SHA512

    2e054c08926c91ee4bac9ac7366a0ab1c184a98d9ac64ea14744e8d37e26672dc4ec20abaa788856ff5002dc543cc78d9c090ba05de18ca262ec19b3e6e33a83

    Download Submit

  • \Program Files (x86)\QvodPlayer\QvodStatistic.dll
    Filesize

    112KB

    MD5

    bd4a461f7acb661d1bda3e9dc0b2175c

    SHA1

    3b4d5eb452d0d65a0c534c8411f2db8ffd3503df

    SHA256

    bfde8938d04dba3027f448082c04e544f244f622282e3acd3f65fadb060e2eda

    SHA512

    3e48cdc1a88701b4c9d6b78439064b56a113cbaef17310d155b17740396be5414cf17efdf8bd422b99bbfedaf079e608cf7ad263ae2c904ab1986da24a12a987

    Download Submit

  • \Program Files (x86)\QvodPlayer\npQvodInsert.dll
    Filesize

    661KB

    MD5

    0a6324504898ad0410efd545c9751399

    SHA1

    ba5c1251dd11f9f1df1536fed808c907fa796043

    SHA256

    cec6ed44920f1ec1b092d2c7f0114f043092c734b26c964611e138e43fe57889

    SHA512

    a9e61904af3cb8e36ea9b739f62218857a521a197eb7078af4fb3f4c570f0c5c706de1e27a2206ce949e5a70ee4e4e9ba2a5b9859be6a424e65610a1b02725bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyCA24.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    67d8f4d5acdb722e9cb7a99570b3ded1

    SHA1

    f4a729ba77332325ea4dbdeea98b579f501fd26f

    SHA256

    fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    SHA512

    03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyCA24.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • memory/2252-52-0x0000000007C10000-0x0000000007CB9000-memory.dmp

    Filesize

    676KB

    Download

  • memory/2252-57-0x0000000002560000-0x0000000002580000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2252-61-0x0000000002580000-0x00000000025A2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2252-65-0x0000000002600000-0x0000000002629000-memory.dmp

    Filesize

    164KB

    Download