Analysis

  • max time kernel
    23s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    23/02/2024, 10:10

General

  • Target

    Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.exe

  • Size

    6.2MB

  • MD5

    e6a3d4f155e8bff59eb7b45a65a15f74

  • SHA1

    bb677f9035683ba4096a9fef9bb10a63e9efa646

  • SHA256

    1e5f3c2e17722880f6b4299c3b2b03c11d6b39cd8d8f28c86bcd0e7c246b617a

  • SHA512

    395e865a2420d7cedc202057741e2ccd0dad0ba77c3b46a2ade11ba671b573f52db236347bb44b549f1b3489d0991ee25acccc9c94c7366e89fbc7382bd8866e

  • SSDEEP

    98304:ikLnryyX73mpUjMfKXIHYJ6W6n/5kFQVlTrXcs14Ic16UdA1XmgpO9PqvU:tnbUUAfwEa6xMwOQrpmgGqvU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 19 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\is-A9F1V.tmp\Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-A9F1V.tmp\Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.tmp" /SL5="$5010A,5636752,785920,C:\Users\Admin\AppData\Local\Temp\Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3132
      • C:\Program Files (x86)\Zaopin Wireless Mouse\Mouse Drive Beta.exe
        "C:\Program Files (x86)\Zaopin Wireless Mouse\Mouse Drive Beta.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1964
  • C:\Program Files (x86)\Zaopin Wireless Mouse\Mouse Drive Beta.exe
    "C:\Program Files (x86)\Zaopin Wireless Mouse\Mouse Drive Beta.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2400

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files (x86)\Zaopin Wireless Mouse\Config.ini

          Filesize

          2KB

          MD5

          74caaf3c300f5ae353afc4dd47f6d9c6

          SHA1

          7d3234b7496e0d18df01dcd61a981ae04df820c5

          SHA256

          45414408fe896aca16c1b2c781d041ff5b26fb1d8f13febe573b705f29d65f6f

          SHA512

          dd978999fa1878079afd244c0bc8b67ee0c7036dd4bea5f10b46421c08e8f533a2af1e1f427bf6f72c5ce9b87d06472d5f34a3efdc9b81df75776dc865acfa41

        • C:\Program Files (x86)\Zaopin Wireless Mouse\Language\0-English.xml

          Filesize

          15KB

          MD5

          191c298fc492c76959dbfc2f7dcc5637

          SHA1

          e8168aeee2e362e177c9f65b9b8338a620c499e1

          SHA256

          8f2f17146d057bb98c55093af4bb1e3c3e4ffb46786dd8b29de8672d0a84b5d5

          SHA512

          46bd31bc02d33688f5042d1ac86ad6ca11e1a3f7f3f2a5509c1de0c1bcb112ee9c3f8d406e79602af391511a09e1df1a98f54e1d6972785a823e6806ef556626

        • C:\Program Files (x86)\Zaopin Wireless Mouse\Language\1-简体中文.xml

          Filesize

          15KB

          MD5

          69c872328487c6d12a5a57ffeafd676f

          SHA1

          ca0620d181961d0b9fb7a38d312ef9d0ba840139

          SHA256

          3ffe99b471eae3f6102f861271f62f3f20c56fb83413a0d35dd9801234c7f89b

          SHA512

          54073f4d6ad9e533207fb7693f9d56352623e13b3399ac9454f03e40865957d83a8adddbc81ee1f2d643d2f1e1d24304b827b322334e53e74c699584db3fa9e0

        • C:\Program Files (x86)\Zaopin Wireless Mouse\Language\2-繁体中文.xml

          Filesize

          15KB

          MD5

          30080849de61e0fee467529966c66fb8

          SHA1

          e38ab3a9aed3b1685d09a3584bdac0a7dd4020bb

          SHA256

          44a59e6184c68de854053c51fcc3f170f118a02c135827f1e9a8d2acb5b2a6ae

          SHA512

          8f951f043d395607c4c1d65ecdc1f0f9b4f3f2f8c6500ac3d3632dd2430c79e53760ea1dfec18951dd53a3c400edb7e6773a9efbee75c26db5fce86728cbc79a

        • C:\Program Files (x86)\Zaopin Wireless Mouse\Mouse Drive Beta.exe

          Filesize

          5.0MB

          MD5

          a783b41b670e473fdc5b12abb8ade664

          SHA1

          5f096489160032284cba1f2b6d3b3d2f89a413ec

          SHA256

          4832aeb2fbd36b063d5290ed041d4951bbe5cd3fc6e89364e11b4cf2d8bcc3ec

          SHA512

          d64e56d309641d643cc4b31fb35744c3ecdfe4d00a6f71c8522ded7c574d9a1f57900278a09566a9558ceea59fde715d7385c45bf7f552185148d64887154ece

        • C:\Program Files (x86)\Zaopin Wireless Mouse\driver_sensor.h

          Filesize

          22KB

          MD5

          bd6a8821883bdd6667cc9a957c6f63e8

          SHA1

          ab6a98b0ea1453697223a1e206b49e2445093afd

          SHA256

          e19ddf965fed746d6177c7dfb2f3ad2d7801b7bcef46c6c1e7c2f482286adb73

          SHA512

          d1cb126b3f14268b477600fd122d3945f33e351c3022758d2121071c26ec9d88eae8cf59ff743e31b00b0d32a4f6187d8c8362b4a25ddb87b97181496f0037e1

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\上一页.png

          Filesize

          727B

          MD5

          22b5b57a7da911b93d2ad3bd9438f818

          SHA1

          976202c6bad2025bc46e3b9a1150ae79cdf8364c

          SHA256

          fa0045bef6b1436e24040014adc2203ee94802841d59a020a2fb011a24bb28fa

          SHA512

          f9757cdad46954be0107a50882f78fedf2bb471a4b4d231a00b1c8a0b645b175d2e2dd756f2547534a63a85d1be8219d8849d7cfbafe6681ab4aa25e42f4f22c

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\下一页.png

          Filesize

          720B

          MD5

          073812d80d78ad25f1b8a6ae158d12aa

          SHA1

          31112fc7cfa3e488022f0dd4abab2a6924a473c2

          SHA256

          86388eda79a1b80e09899a369f079abe461c2ee2c08182f32b68d07903b07d54

          SHA512

          49fa3f8d39e7b2d4b9ba3eb2ccf89a5ad84a12f1849b5a1352d097278307ab288ea651ce1fa5b82d7c1951fd84a7e23e81df0a90d64db1b786319446a191a54e

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\主页背景.png

          Filesize

          410KB

          MD5

          91b20724e08a0571f66936c892ce1e84

          SHA1

          a2a8a2b3491ee9ff46acd4bc9c631fcd85e8a48c

          SHA256

          1ec88e2e33cf78d7f5e5de117572e8090079eeeb85427cf93d91154de5b71d79

          SHA512

          00c85fd94c779b083c0eb3bc612edbe091643b4645f132053691baaaa03418f270d405ad6f08c2b453286b9a2370bb616f15721e109cd4bd2a0fa43378a56423

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\未知设备.png

          Filesize

          3KB

          MD5

          e486e5e22000b71c7589c1f011e5cde5

          SHA1

          ff6b5282bc8b8a8b4296d0631f156812dc37a81b

          SHA256

          f601ea6834e3b502a03b6dac9bebaf6334c74b301c5e2f2120ce250863c4e86b

          SHA512

          af72580c1db5377832fe2f6e1e30c53d21b3dff97dbd4279c0ea901f94db8cb06f374ec7d0bf986ed7a0774d939178a59d13b725c58f913978bd38ad56c179ec

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\设备1不在线.png

          Filesize

          28KB

          MD5

          342ea90e3d4b94abf7f57373810b0b9a

          SHA1

          ee44e1607f95ea42f0318a14f5f4041c6f4bcfd2

          SHA256

          3d3634cd4ab260793034c29b5450c5ffb16e7358a6763fa0f8be2490752d9347

          SHA512

          f7164fed31550c2952ef654423d4f24dcb36eb49b56deecd4fa445471eef95e3b4589902593d16c6a6e7c16fb22c9cc7ab353dc09511f9dc71cf29490ddce150

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\设备1在线.png

          Filesize

          30KB

          MD5

          e031f3e5dcdf51b4dc24d4e3404400b7

          SHA1

          634d8dee2e4004457ea0991dfe417c484e22f66d

          SHA256

          96c154479a30dd97f4f1499030cccdf471b0a59de0e2412fc3470a7fa8502142

          SHA512

          627f64ea53efff25800282a61ab70a6b575cec1d9d2decc9a18393f3da191578845679a55f219e90d51cfff52ea493e63f2825fa1387f2fa9b2661474d936cae

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\设备2不在线.png

          Filesize

          46KB

          MD5

          3bea753e88eecad14508c8adb829d815

          SHA1

          ae3548778ce0482a34960b6e9611051f9d522bff

          SHA256

          a49fa568c9686bce2235f2d9b1ff863544bf73e5d114387dc9208c8a6b42fac4

          SHA512

          feee70e4a1a1121b84559a078d0d08f1036e903080bb13a55d4399f3ba248049deeb87b49edbe3fcca199bcb6fbc19875463ac100e691108ccc7d8275c0ba0ba

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\设备2在线.png

          Filesize

          104KB

          MD5

          6c0debe76d114bdf0feb858109704e63

          SHA1

          cd87be646457c9fd910ef5ee763b6636b0893780

          SHA256

          8698233a088d48f9cc969d0b0a6fcda634067c3a5a2b4eb23e54b8655e192be4

          SHA512

          5011f88fb4ed28a9e54748823f6cf4134338c36d0d34156488eff6c5c94da4641427d7301bd78ef5aa49d2ee1c6d5dae6fdcea1240a1910883a67664f5fd2d48

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\1首页\设备修复.png

          Filesize

          694B

          MD5

          4fab243f22e02481dfbadc7042a87ad5

          SHA1

          31ee4431bffe502c18521ea602d122ba42cd3a1b

          SHA256

          7c236d6fbd4de8ecfc12c537a7c767fc2c54d9f529abb78db1eb2fa7110e747f

          SHA512

          0af786b287b8bc72edf883996d828e5d81236dc4b6bb6ab574747e44ba9f37b4d87ece5b248fb8d1a6537d0af542c64e3ffae8cbfbab4bbdc62ddbc07e716873

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\下拉框按键.png

          Filesize

          183B

          MD5

          2ff91cd758ca4ca5c078cf2c0e32ba7e

          SHA1

          3a73bc9339d496d062d72d88cfc201cdb64acf1c

          SHA256

          4ab6faea9ca2a82408b794a9ea8f4f244b7417b9719df80cd2cbe5ffe98bea33

          SHA512

          c15d18e69a08d9c49f722462b9eaf1f437df265e909d8c5bd9e7a979047327044e3c7f3ab46afcfc634a85fbc950f9dd6393741448c3ddc7cdc7a01fa4603763

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\关闭按键.png

          Filesize

          260B

          MD5

          1d86711a38018d6135d4746a06b98025

          SHA1

          dc24b52df4e40ac0febbbeae181fd39f3a548593

          SHA256

          f6aaf5ab9c942bb18d646e96936a7f6839539be47b69bebe203a7bb388124a8b

          SHA512

          5581da135f38c3b7cd9c781cd08ba6f34407097070edfa27952fcf7151dd5ab67c40bac37752cec7b048e44f3a89ca6191aac8845e25a007a6f09f60d87d5abc

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\关闭按键按下.png

          Filesize

          294B

          MD5

          428460e046a1199c0a59abde4277df58

          SHA1

          de26e52ea4f1fc37a4d374c515cc8591b2c91fde

          SHA256

          b475465171bb2f11bd81c8fdc73c6bdc71cc4b98a4a5668766ccaf3ce67b75d6

          SHA512

          159ead949ea251e411f2213b0706010913e67b4c9bf039d41cfba4ad9ba2ed4c09254370cfe6d2207f732964474f1456a46fb3aabdc3ce2b10a733b420636ce5

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\关闭按键鼠标进入.png

          Filesize

          299B

          MD5

          bc84bcbf283ebdf49296ace6f72e664a

          SHA1

          0747d9aba5efbbc99cd5c9548f3c050d3502d1fc

          SHA256

          385f2db5d731201f47fa0b0d25bee6dd232d08fe354f12eb570174b607fa4bd1

          SHA512

          6464d27ff0e931c6e28f0131d50eb236457a8a7ee174e1802358184a0a044f7210c81f84b43288bd740d367e235488cdafdaf22cbb571756761ad366468dfea4

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\最小化按键.png

          Filesize

          134B

          MD5

          b437cff13c3a9322d3572af152732eb5

          SHA1

          4f727bbcb4c7a0f867b1d09cc95008cbaa3a7dcf

          SHA256

          1e7cfd55a07d24a14d785c38234ba41d398d53faa6fa9704b149f1f0e43b57b0

          SHA512

          47f0b6c36162cc47dc4f337f75c8f8741a0245d76aad0f202582c1b659084ec524fd46bb775fef31621c28c2189d6ec947f5e268cb16f096d522eb4c05cc796e

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\最小化按键按下.png

          Filesize

          138B

          MD5

          e792275e571682649e46d6e1e6f4a4c1

          SHA1

          24f9564b5c34ace22a45df3d41698eb08f6afd2a

          SHA256

          417fb2b2e0cb02885b5bf188c04bfccf9bd26f0bb1ec6a7258a69d37cf81c0a3

          SHA512

          cce71123c59ca2b9efe3eb2a97c7998c4c38f8cc860c4892fb5eebd3a031896d8a20a4ae1a2cc3fa8ee78ae8d17b523c4129a9308bad6e6fbac2428a79f72014

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\7共用\最小化按键鼠标进入.png

          Filesize

          139B

          MD5

          e195e9575b046c872d26b06961e709b2

          SHA1

          3984fb1f77d03942e1058ed1f07100380be586db

          SHA256

          1ec24efd9c3e3882f296afc7d5f0442839866b8b502031e8b0a5e4abbbfae132

          SHA512

          3dae3635ec608453ed3b34221c123a4a63916b1880a418a390f8db3efd3f9c28eba8e3e1aed9b350d163f50b0cc0d12f8c80977230c31a569d99078ed4006199

        • C:\Program Files (x86)\Zaopin Wireless Mouse\res\logo.ico

          Filesize

          9KB

          MD5

          5d0ce4af81a6cd687817444117e4b07f

          SHA1

          ac9cf87ff389288980bcf34c76823e10b666a4f7

          SHA256

          b16bbaf57bbc798965e64060b62fc9436a32b9d33729f8e9aa3ef58628a20b55

          SHA512

          29165d11791681577ce0d628353993c75f74a4cb9c5f34f1d6df0e07c263e910522dfe91f1e241fd6129d5bc3e9584f421d9475e7c4bb39d093d9f7524205244

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Mouse Drive Beta.exe.log

          Filesize

          1KB

          MD5

          50d7cdaa3dfe382a44dd904d0948e344

          SHA1

          9fa2fb8fbeedc3a4aef8bb2bbdc8e46356e38397

          SHA256

          379ff305e92b1805fa47849efa251837d4ede46d3b2b0b2c6a92629a761c1717

          SHA512

          658d5a69592a2953160a41491f8aaa4d3801c5d07df81715f02bcf4cc8efbe26f5573c2da7e6af565c2818f213a8f240b135af09cb0834b4bb111536a179daba

        • C:\Users\Admin\AppData\Local\Temp\Costura\92D9916598F5C735B353BD374218F82D\64\hidusb.dll

          Filesize

          120KB

          MD5

          92844e56bf9ed344df39b1509b20436d

          SHA1

          832beed9b1345f00ebe4361a14a5e30b6511db33

          SHA256

          a64dab55235916b10f76432b926589a820bcbb59c1adff585b4204dd9da8c021

          SHA512

          4716ae2fcc83a8adee5542372c1d11408d1c6cdfe3e54d530235c7f49b2c1a6ef23a0a413eb69c5a8185a77fd79c18ec8d12e8977a6ee72e86aa9b2f56a5db2e

        • C:\Users\Admin\AppData\Local\Temp\Costura\92D9916598F5C735B353BD374218F82D\64\msvcp140.dll

          Filesize

          554KB

          MD5

          f3ff13f1e83afec41bca6140030032c8

          SHA1

          ac62d2e6b9d454ce43cf6a4b218112f5ad773ad3

          SHA256

          92b315040c9cdb42492c8bf19339f95b758dabba6e492263cc00231a4c161f29

          SHA512

          140c6ada9ab0b12df00c3ad8420463a4e159d10b0b0a7f4705986de38d21640e39c4bf7e331221ee67459fd0f5872d2d4c5a2dd8236a994927a4d6836bf46e33

        • C:\Users\Admin\AppData\Local\Temp\Costura\92D9916598F5C735B353BD374218F82D\64\vcruntime140.dll

          Filesize

          96KB

          MD5

          f12681a472b9dd04a812e16096514974

          SHA1

          6fd102eb3e0b0e6eef08118d71f28702d1a9067c

          SHA256

          d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

          SHA512

          7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

        • C:\Users\Admin\AppData\Local\Temp\is-A9F1V.tmp\Zaopin Wireless Mouse_v1.0.0.4_2024.01.25_setup.tmp

          Filesize

          3.0MB

          MD5

          0f42329bb31cf294f36295ce3919cdcc

          SHA1

          721ec022c9b486467595abacfac229ff17f65aad

          SHA256

          cf0af0210fc8be94349be0c09a915ef172e874a39d05163f35055d284d2c6506

          SHA512

          f0e43e327ea1861e5849cddfe132117cb553d681fe1282d9a2bd94f195af0dac5ba70f3d54e816d21d8c53640625bbcca3b7aeb6bed9129c06a5aa36a69bbfc5

        • memory/1964-355-0x0000016BEFB20000-0x0000016BEFB30000-memory.dmp

          Filesize

          64KB

        • memory/1964-332-0x0000016BED6B0000-0x0000016BEDBC2000-memory.dmp

          Filesize

          5.1MB

        • memory/1964-349-0x0000016BEFB20000-0x0000016BEFB30000-memory.dmp

          Filesize

          64KB

        • memory/1964-356-0x0000016BEFB20000-0x0000016BEFB30000-memory.dmp

          Filesize

          64KB

        • memory/1964-333-0x00007FFFA3CA0000-0x00007FFFA4762000-memory.dmp

          Filesize

          10.8MB

        • memory/1964-388-0x00007FFFA3CA0000-0x00007FFFA4762000-memory.dmp

          Filesize

          10.8MB

        • memory/2332-327-0x0000000000400000-0x00000000004CD000-memory.dmp

          Filesize

          820KB

        • memory/2332-380-0x0000000000400000-0x00000000004CD000-memory.dmp

          Filesize

          820KB

        • memory/2332-0-0x0000000000400000-0x00000000004CD000-memory.dmp

          Filesize

          820KB

        • memory/2400-391-0x00007FFFA4890000-0x00007FFFA5352000-memory.dmp

          Filesize

          10.8MB

        • memory/2400-399-0x00000226E1190000-0x00000226E11A0000-memory.dmp

          Filesize

          64KB

        • memory/2400-402-0x00000226E1190000-0x00000226E11A0000-memory.dmp

          Filesize

          64KB

        • memory/2400-413-0x00007FFFA4890000-0x00007FFFA5352000-memory.dmp

          Filesize

          10.8MB

        • memory/3132-379-0x0000000000400000-0x0000000000708000-memory.dmp

          Filesize

          3.0MB

        • memory/3132-328-0x0000000000400000-0x0000000000708000-memory.dmp

          Filesize

          3.0MB

        • memory/3132-5-0x0000000002910000-0x0000000002911000-memory.dmp

          Filesize

          4KB