Overview
overview
6Static
static
3OEG.lnk
windows7-x64
3OEG.lnk
windows10-2004-x64
3Platinum_C...on.dll
windows7-x64
1Platinum_C...on.dll
windows10-2004-x64
1Platinum_C...aq.dll
windows7-x64
1Platinum_C...aq.dll
windows10-2004-x64
1Platinum_C...ib.dll
windows7-x64
1Platinum_C...ib.dll
windows10-2004-x64
1Platinum_C...um.dll
windows7-x64
1Platinum_C...um.dll
windows10-2004-x64
1Platinum_C...or.dll
windows7-x64
1Platinum_C...or.dll
windows10-2004-x64
1Platinum_C...or.dll
windows7-x64
1Platinum_C...or.dll
windows10-2004-x64
1Platinum_C...um.exe
windows7-x64
1Platinum_C...um.exe
windows10-2004-x64
1Platinum_C...xt.dll
windows7-x64
1Platinum_C...xt.dll
windows10-2004-x64
1Platinum_C...de.pdf
windows7-x64
1Platinum_C...de.pdf
windows10-2004-x64
1Platinum_C...up.exe
windows7-x64
1Platinum_C...up.exe
windows10-2004-x64
1USBDriver/...de.pdf
windows7-x64
1USBDriver/...de.pdf
windows10-2004-x64
1OmegaUSBx64.exe
windows7-x64
6OmegaUSBx64.exe
windows10-2004-x64
6OmegaUSBx86.exe
windows7-x64
6OmegaUSBx86.exe
windows10-2004-x64
6Analysis
-
max time kernel
159s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
07-11-2023 13:54
Behavioral task
behavioral1
Sample
OEG.lnk
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral2
Sample
OEG.lnk
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.App.Common.dll
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral4
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.App.Common.dll
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Daq.dll
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral6
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Daq.dll
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.CommLib.dll
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral8
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.CommLib.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.Platinum.dll
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral10
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.Platinum.dll
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.SmartSensor.dll
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral12
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.SmartSensor.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.dll
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral14
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral16
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.exe
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/chartext.dll
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral18
Sample
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/chartext.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Platinum_Configurator_1.5.2.0/M5461_0817_PLATINUM Series Configurator User Guide.pdf
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral20
Sample
Platinum_Configurator_1.5.2.0/M5461_0817_PLATINUM Series Configurator User Guide.pdf
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Platinum_Configurator_1.5.2.0/setup.exe
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral22
Sample
Platinum_Configurator_1.5.2.0/setup.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
USBDriver/USBDriveInstallationGuide.pdf
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral24
Sample
USBDriver/USBDriveInstallationGuide.pdf
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
OmegaUSBx64.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral26
Sample
OmegaUSBx64.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
OmegaUSBx86.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral28
Sample
OmegaUSBx86.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
General
-
Target
Platinum_Configurator_1.5.2.0/setup.exe
-
Size
413KB
-
MD5
14ccd26543249673b4666765a496b704
-
SHA1
9e9d01d479aa3555275fd98dd7886da339e38725
-
SHA256
f4457068354d0806563ae7206d59acf2e8693436e8c2ae2c4bb6c85c82b9c42d
-
SHA512
ebfe00864da19395e23dcafb1639496ff42cf3de3e4d7dfc978d288b283cf39c4cb567b68837143d8340d17988e1c4716355a269d8033195332cddcc3d0d9151
-
SSDEEP
6144:YDI8JDRdozHIjc1eBEhHE52AlOpK4sL5nEHFVeu22ZXL//3Vpb4FWaVg5p2PZ:YDzJDR6qlSKlLVr2ZXRp2h
Malware Config
Signatures
-
Modifies registry class 21 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide dfsvc.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "ORGN1WOWBVXR0RVA63T0T3QZ" dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Categories dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components dfsvc.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\StateStore_RandomString = "ZQJ3JTK84VT1T5Q3V7LAZYCL" dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft dfsvc.exe Key deleted \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0 dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Visibility dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0 dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment dfsvc.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "N7RCPR1J4MDC0L0LV3WQTJXM" dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Assemblies dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Installations dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\VisibilityRoots dfsvc.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications dfsvc.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2784 dfsvc.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 3508 wrote to memory of 2784 3508 setup.exe 96 PID 3508 wrote to memory of 2784 3508 setup.exe 96
Processes
-
C:\Users\Admin\AppData\Local\Temp\Platinum_Configurator_1.5.2.0\setup.exe"C:\Users\Admin\AppData\Local\Temp\Platinum_Configurator_1.5.2.0\setup.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3508 -
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"2⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2784
-