Overview
overview
7Static
static
52de691adb4...2d.exe
windows7-x64
72de691adb4...2d.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3kuaibo.exe
windows7-x64
7kuaibo.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Codecs/CoreAVC.dll
windows7-x64
5Codecs/CoreAVC.dll
windows10-2004-x64
5Codecs/FLV...er.dll
windows7-x64
3Codecs/FLV...er.dll
windows10-2004-x64
3Codecs/MP4...er.dll
windows7-x64
3Codecs/MP4...er.dll
windows10-2004-x64
3Codecs/Mat...er.dll
windows7-x64
3Codecs/Mat...er.dll
windows10-2004-x64
3Codecs/Mpa...er.dll
windows7-x64
3Codecs/Mpa...er.dll
windows10-2004-x64
3Codecs/QMV...er.dll
windows7-x64
3Codecs/QMV...er.dll
windows10-2004-x64
3Codecs/Qmv...er.dll
windows7-x64
3Codecs/Qmv...er.dll
windows10-2004-x64
3Codecs/Qvo...ec.dll
windows7-x64
3Codecs/Qvo...ec.dll
windows10-2004-x64
3Codecs/QvodSound.dll
windows7-x64
3Codecs/QvodSound.dll
windows10-2004-x64
3Codecs/QvodSource.dll
windows7-x64
3Codecs/QvodSource.dll
windows10-2004-x64
3Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
13-11-2024 00:10
Behavioral task
behavioral1
Sample
2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsTools.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsTools.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
kuaibo.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral8
Sample
kuaibo.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Codecs/CoreAVC.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
Codecs/CoreAVC.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Codecs/FLVSplitter.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Codecs/FLVSplitter.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Codecs/MP4Splitter.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
Codecs/MP4Splitter.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Codecs/MatroskaSplitter.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
Codecs/MatroskaSplitter.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Codecs/MpaSplitter.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
Codecs/MpaSplitter.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Codecs/QMVSplitterFilter.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral24
Sample
Codecs/QMVSplitterFilter.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Codecs/QmvbSplitter.dll
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral26
Sample
Codecs/QmvbSplitter.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Codecs/QvodMpeg2Dec.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
Codecs/QvodMpeg2Dec.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Codecs/QvodSound.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
Codecs/QvodSound.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Codecs/QvodSource.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
Codecs/QvodSource.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
kuaibo.exe
-
Size
3.2MB
-
MD5
f31f3458c48c12fa3d162a0bd2cbe15c
-
SHA1
54b652afd8dc0ebbe28efa9fd0f7c307c649c800
-
SHA256
6aa930e3e237db31ebd8df64e839767c3b21a9d310a941e4f6f2cb1fafd98210
-
SHA512
91f0642b9f08337237ee127cb0488fd21716b5c3bea649c8668cc52de2f4903fc154f38d7f8121dab4ff312da40a80a370f9115d86f828d2000ac27f765955e7
-
SSDEEP
98304:ggHhFtKcEsdW+phMOFkQ+2f7SPHOuY3AZVkSLJU:g2Kcnh/bBuOKjNU
Malware Config
Signatures
-
Loads dropped DLL 11 IoCs
pid Process 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe 2244 kuaibo.exe -
Drops file in Program Files directory 45 IoCs
description ioc Process File created C:\Program Files (x86)\QvodPlayer\Codecs\RealMediaSplitter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\skin_insert.xml kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\NetAgent.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\QvodSound.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\FLVSplitter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\QMVSplitterFilter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\dsfVorbisDecoder.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\pause.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\stop.png kuaibo.exe File opened for modification C:\Program Files (x86)\Browser\config.ini kuaibo.exe File opened for modification C:\Program Files (x86)\QvodPlayer\isWrite\ kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\VP8DecFilter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\volume_bg.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\volume_has.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\NetUtil.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\real\pncrt.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\real\cook.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\QvodStatistic.xml kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\real\drvc.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\CoreAVC.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\QmvbSplitter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\play.png kuaibo.exe File opened for modification C:\Program Files (x86)\QvodPlayer\ kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\QvodNet.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\pro_head.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\thrumpet_mute.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\QvodMpeg2Dec.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\QvodSource.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\real\drv2.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\MpaSplitter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\real\raac.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\MP4Splitter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Codecs\MatroskaSplitter.ax kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\block.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\QmvPlus.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\dblite.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\QvodStatistic.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\controlbar_bg.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\net_full_btn.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\speed.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\Skins\Common\thrumpet3.png kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\PlayCtrl.dll kuaibo.exe File created C:\Program Files (x86)\QvodPlayer\QvodPlayMedia.dll kuaibo.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language kuaibo.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\QvodInsert kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\QvodInsert\application/qvod-plugin kuaibo.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main kuaibo.exe -
Modifies Internet Explorer start page 1 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://url.cn/VfGpU7" kuaibo.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\TypeLib kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QvodInsert.DLL kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\InprocServer32\ = "C:\\Program Files (x86)\\QvodPlayer\\npQvodInsert.dll" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\MiscStatus\1 kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib\Version = "1.0" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F} kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib\Version = "1.0" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\TypeLib kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/qvod-plugin\CLSID = "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\MiscStatus kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Implemented Categories kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\ProxyStubClsid32 kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl.1 kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\CurVer kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\ = "_IQvodCtrlEvents" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\ProxyStubClsid32 kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{2462C5DB-27C6-4CE8-81EF-3204D612A421} kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ = "QvodCtrl Class" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\VersionIndependentProgID kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\QvodPlayer\\npQvodInsert.dll, 102" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\0\win32\ = "C:\\Program Files (x86)\\QvodPlayer\\npQvodInsert.dll" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\ProxyStubClsid32 kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\MiscStatus\ = "0" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\TypeLib kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Implemented Categories\ kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QvodInsert.DLL\AppID = "{2462C5DB-27C6-4CE8-81EF-3204D612A421}" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\MiscStatus\1\ = "131473" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib\ = "{C50D35A7-2515-4219-BC15-CBD2955EAE68}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\CLSID kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\CLSID\ = "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\CurVer\ = "QvodInsert.QvodCtrl.1" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl.1\CLSID kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Programmable kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\AppID = "{2462C5DB-27C6-4CE8-81EF-3204D612A421}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68} kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\FLAGS kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\ = "QvodCtrl Class" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0 kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/qvod-plugin kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{2462C5DB-27C6-4CE8-81EF-3204D612A421}\ = "QvodInsert" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl.1\CLSID\ = "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\0\win32 kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib\ = "{C50D35A7-2515-4219-BC15-CBD2955EAE68}" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\TypeLib\ = "{C50D35A7-2515-4219-BC15-CBD2955EAE68}" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\ = "IQvodCtrl" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\TypeLib\Version = "1.0" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ToolboxBitmap32 kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\TypeLib\ = "{C50D35A7-2515-4219-BC15-CBD2955EAE68}" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\ = "QvodInsert 1.0 ÀàÐÍ¿â" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\FLAGS\ = "0" kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\ProxyStubClsid32 kuaibo.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ProgID\ = "QvodInsert.QvodCtrl.1" kuaibo.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Version\ = "1.0" kuaibo.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\kuaibo.exe"C:\Users\Admin\AppData\Local\Temp\kuaibo.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
PID:2244
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
134KB
MD5f35c3050cf7db1095c50b788f2a8fca8
SHA12279c47413f9ea033eb12a275f56104c9c4cdf72
SHA256df2fdefb72a3c8c346726c9e2788d8e84cfff44652abf235d86e8e2a618058f4
SHA5127e6a9298903c3a94bca054e8333fc27cc588f4ffe493f42f98486888b297a265f9cd9dde38c592ca953ee64bbe364e7f6da64aaae231b43aca05055ae597f05d
-
Filesize
163KB
MD54907451bf7537380a4b0fac6b73d7ebd
SHA12d0fe6b1909a7aa4f872bbeb1fe7d0f52e655f59
SHA2569c3934025f4711ac3c1c49e7777505fca44ad750b69b714eca4a274b9287c9a2
SHA5122e054c08926c91ee4bac9ac7366a0ab1c184a98d9ac64ea14744e8d37e26672dc4ec20abaa788856ff5002dc543cc78d9c090ba05de18ca262ec19b3e6e33a83
-
Filesize
112KB
MD5bd4a461f7acb661d1bda3e9dc0b2175c
SHA13b4d5eb452d0d65a0c534c8411f2db8ffd3503df
SHA256bfde8938d04dba3027f448082c04e544f244f622282e3acd3f65fadb060e2eda
SHA5123e48cdc1a88701b4c9d6b78439064b56a113cbaef17310d155b17740396be5414cf17efdf8bd422b99bbfedaf079e608cf7ad263ae2c904ab1986da24a12a987
-
Filesize
661KB
MD50a6324504898ad0410efd545c9751399
SHA1ba5c1251dd11f9f1df1536fed808c907fa796043
SHA256cec6ed44920f1ec1b092d2c7f0114f043092c734b26c964611e138e43fe57889
SHA512a9e61904af3cb8e36ea9b739f62218857a521a197eb7078af4fb3f4c570f0c5c706de1e27a2206ce949e5a70ee4e4e9ba2a5b9859be6a424e65610a1b02725bd
-
Filesize
15KB
MD567d8f4d5acdb722e9cb7a99570b3ded1
SHA1f4a729ba77332325ea4dbdeea98b579f501fd26f
SHA256fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
SHA51203999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
-
Filesize
11KB
MD5959ea64598b9a3e494c00e8fa793be7e
SHA140f284a3b92c2f04b1038def79579d4b3d066ee0
SHA25603cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA5125e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
-
Filesize
784B
MD5dfe5750ff8ea48c239c09077609fa491
SHA16493b1295691518a23d51b19e99d9730e1ac0861
SHA256a86c3545e17d480e41f62b0d5212474d054ed710c4cc62c88dbf2261d4ad7806
SHA5128856095243481a94bea560250a9a41058c8a177c9eaf0a9691f4852626de887a82c79feb03fcc47108af1c61268c9dd1bbfd972d249a9a65d7a36d47d982516c