Overview

overview

7

Static

static

3

bed3477c0c...be.exe

windows7-x64

3

bed3477c0c...be.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

7z.dll

windows7-x64

3

7z.dll

windows10-2004-x64

3

7z.exe

windows7-x64

1

7z.exe

windows10-2004-x64

1

WeaselDeployer.exe

windows7-x64

1

WeaselDeployer.exe

windows10-2004-x64

1

WeaselServer.exe

windows7-x64

1

WeaselServer.exe

windows10-2004-x64

1

WeaselSetup.exe

windows7-x64

1

WeaselSetup.exe

windows10-2004-x64

1

WinSparkle.dll

windows7-x64

1

WinSparkle.dll

windows10-2004-x64

1

curl.exe

windows7-x64

1

curl.exe

windows10-2004-x64

1

rime-insta...ig.bat

windows7-x64

1

rime-insta...ig.bat

windows10-2004-x64

1

rime-install.bat

windows7-x64

1

rime-install.bat

windows10-2004-x64

1

rime.dll

windows7-x64

3

rime.dll

windows10-2004-x64

3

start_service.bat

windows7-x64

1

start_service.bat

windows10-2004-x64

1

stop_service.bat

windows7-x64

1

stop_service.bat

windows10-2004-x64

1

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WeaselServer.exe

  • Size

    1.8MB

  • MD5

    9349a459ab834d9fb4f5d2935e728dfd

  • SHA1

    c159b2a7e7f2f2f18b22c8567ee4e214135defb9

  • SHA256

    a944a5eda7f90ef8ce98bc81be72100b53038772d84c87f1713867c9b1e2f05a

  • SHA512

    9824559bbd61d47c07ad1e5d80e50a997ef98670bf6e3859a22c69a8ceae0746d6f5890973b8518cfb71d0dddc7b43f9e7e70e7e245afc3dce5223e278e8078b

  • SSDEEP

    49152:+F6x+5/VQQHQT5Yf/I6bNynlsrLYX4H6RAc35nu:+Uk5NQUmYfPYX4H6RAEV

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WeaselServer.exe
    "C:\Users\Admin\AppData\Local\Temp\WeaselServer.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Rime\build\bopomofo.schema.yaml
    Filesize

    8KB

    MD5

    4e5d6a97063790251f02a852b0826914

    SHA1

    6be3e36950a9e43a475b0e430ed69da3ab2f175e

    SHA256

    0168eadde6f99b96d0364bc2ce9e7296505f9d9e9073e09782b5ca33f1b827d8

    SHA512

    6673f9367da3eb1d3b01b0f8c2024fd6b3c84792ff20dc8b2afbbdd26bd6278d73ba02ca97efe73d8c09e9f5fa3e26c0b163554ed2e2c083340c7adbd1dcfbef

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\bopomofo_tw.schema.yaml
    Filesize

    8KB

    MD5

    994cd0ab79b43b81bbcb5986cff0d29e

    SHA1

    f65ea2d06a23ba92b657977b87eec7cef5219a7b

    SHA256

    44be6b9ef350070d5877c085a6582f6ab3b3b98b7362671c299edff26b47e676

    SHA512

    d66f43a688f8d59eecdb2b35f969eb1afc1c3a864e46cca003dbbac215f3f123e53d4d799ad8a2417d127221817e179c27999ac99450e6f1c91fcff636aa58fb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\cangjie5.schema.yaml
    Filesize

    40KB

    MD5

    6fdd41ffb187c5a93f374fb60a13c424

    SHA1

    a242076f3643f0ac4670871a7aa52e09f2d55119

    SHA256

    4c23c32d11b04e40363596816e0c8a64955342ec6881b9c21ec152c6a11ba1d5

    SHA512

    472ab4d4b643956f8faca3c5b94b1a1403a2b4b673bf245bda27dc3722d68ec1cbe18fefd3c3ccfeac1ff384faa336f8e782c3f66992a4dcd6c7d2e7d59ab237

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\cangjie5.table.bin
    Filesize

    207KB

    MD5

    22fe4b259640dbf3b8732a5aabcf910b

    SHA1

    8d68395f90bdf95894caaa828c7f09cc5c697640

    SHA256

    1d1b2baa1992a03b3f53e5ef10c4928fb36ca70e276726b65d0fef6fcf7d4ed3

    SHA512

    91704de8e6ec48ae70845221b2b9ade830e8a19f723edacd77f166d3f8e0f3cb25448c52e0bbc50341576d0fa6d39ed361f77a955a34eac249c5022fffceb4a1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\luna_pinyin.prism.bin
    Filesize

    30KB

    MD5

    8cf42990da87f6e427af3a001e740220

    SHA1

    a6759bf0006a983c78de18a5eefd4ad0679d7850

    SHA256

    a4fcb73420920f200e9c40deeb21a7e3fbd7483f198bd7d9fc502bc0b8efa69a

    SHA512

    99c576e4824e968d70110c725b30721b7220ef1d36b70823da345e891dd846feaa0543d8594fa8ec64dd789c7a67aca8550fbe19c718755c0770215b1f980a4a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\luna_pinyin.reverse.bin
    Filesize

    246KB

    MD5

    2187ea9db7291700bdb4b7b2b4f9adf1

    SHA1

    d8e8048b29899f23c60cdf14b64ad343399ab768

    SHA256

    9782dd0bdebcf674f9519f89cffecc791270e7b6b3cf72b4f98be5cfcddd0a35

    SHA512

    bf7e79cc57bd5fc8879e4dd811adee6f9623b1a3fd4c927f924aac8b46004bd2a5bc3456575c35cc26346afd2b64ab9aee4dd3a0bd1988f28ff35486662f9a1b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\luna_pinyin.schema.yaml
    Filesize

    40KB

    MD5

    ac516922faadf0782c2c4036514e3d9e

    SHA1

    2cc21ffbce2963f99ba345efce3aef5410b194ae

    SHA256

    8aa960e69497f94b6b3f47381232e2d3fa833f6c0277c3aa9f24a786577e05ef

    SHA512

    a5fffc06bc0ff2812e24dd970b2f9d5a393694c23dcfc09ba419bfdad5c915eb97abbaae22a3fef23fd77cf57546e5735634ed13f94be07037c1efa5cdc90766

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\luna_pinyin.table.bin
    Filesize

    3.9MB

    MD5

    0dfbfb2ebf85403a005b99e83a265f11

    SHA1

    6d0c2e4af3dda5bbe3c1f0b9a80f36dbe3c58ecf

    SHA256

    aaf6b1ab2ef2af7d7ae779e965c916026ffc8b2f976a34db13c0702906d7cedc

    SHA512

    cbe10b050940483370f4d9a6b9d403ba3ebdd03f3fc94f1dd83074eb0fef348d1efca6edf6297d93c420fe14b283509547636108a51b0da519f5b42af97d51ce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\luna_pinyin_fluency.schema.yaml
    Filesize

    40KB

    MD5

    e0c5f1ede6a37f458673b5c58ff3c365

    SHA1

    d1ef43d16fd00209aba5f5824790ea739eaab847

    SHA256

    90ce277fc40f19e123d01a9ada72799b618d5013e9cb594d31d83b0870ba02e6

    SHA512

    dd803b552907739433cdcfdffd56b8eaddba3e9ca72c360819874063e70c5a75dc5e1ab4aedd81f6c69a046e73c691ae34b6f31775207000cf6163e64ef4c2b3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\luna_pinyin_simp.schema.yaml
    Filesize

    40KB

    MD5

    fff5c1924e95150bd4a54873dda45e9a

    SHA1

    91373336912fbe553ec74dddf8603f72a4df2809

    SHA256

    6f28c4fe42d129cb462f9eef90132b756e5f87a3bb5e68f65272b2ca8c0dd92a

    SHA512

    093d2d5cc8cef912c2e3b549666ed8a6e049ee9a0b01d18d4facee6992b0679527a4af6b173600f03f3debf92c4e623a406db7e7aa825dbf4c219ac9c7db1879

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\stroke.reverse.bin
    Filesize

    884KB

    MD5

    afbc76ae833d0974643d58c71b565b01

    SHA1

    40408a6465c55e08ac4cc4cdb9737c6510b30c14

    SHA256

    ab7aa3813e55f2b5bfe359cda5df8c3bc05d28fd50ca5ddf786c088255e0b317

    SHA512

    6efb7524c964190647087d36eca79a39731cef5252a1c84063d69de5a500cf3efad83a3b57b6d0945ae12613770b160f9550e4ef98d8f00a94e57a89a95751a5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\stroke.schema.yaml
    Filesize

    6KB

    MD5

    34d3c2094f7a84591c439e0cbe34c609

    SHA1

    aad8acb171d074bc07cb9aacd7b1d795f6087a3e

    SHA256

    67a3d69e721fb814263465f4bd6f8eceae5c54f91e64f4007e3bd6b7b430a799

    SHA512

    c2e0872b54b14564896cfcfea4727ca0c9c264352323dad65d1ef5ec3e0d573f1c3517f3ae62c819bf587d216835d357793dd6f2376a52a17c6ed0b18c0fd91a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\stroke.table.bin
    Filesize

    541KB

    MD5

    4c4060bb7df47e0e5b1c10c88f6352aa

    SHA1

    f2078035906e7b79b70011c83c9431c6d1c6863f

    SHA256

    710aca129bf350d154e622a8c3a6fe3d23e37123a9f3bf2b3309f02c03d21651

    SHA512

    3aa3387aa72d72acd8df5d2e1dc10f62c144d34f71e4123e4d32cab6ee28fb984e78d853109187754c87c82785d125360dbdf9b0559ae85feefc6c6266301b6b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\terra_pinyin.reverse.bin
    Filesize

    254KB

    MD5

    bfe70afc02a62e1e0190e88748e15454

    SHA1

    6f5d44f57c4609c91d7ad0d79f275ac3dfceb52c

    SHA256

    30941b0d0403a0ecbbcf8dea5335597ab919357bb455e99b25c843a1b7dcae26

    SHA512

    cdb1bdf8a087268bc47951cd8307635d6f9dd9d4f753a0627458dbfd7de26f39a4c9d8979cb4cab1ad2ff85faa6de4a918e5916ed1fb22b49cd2ef4a123e0a08

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\terra_pinyin.schema.yaml
    Filesize

    8KB

    MD5

    43139bba2d0b3b79f96f97c8941567a6

    SHA1

    2eb863d7fc320ea2ab0bdf10669ffb4415498598

    SHA256

    2ef764d53c392754d59203f827c18c729af2bc88a8ff29d49865d3f65452286e

    SHA512

    80d15c5e649baa80d45ddd0fc821d1ee5868ed47675857b24a8e34b57469e024c3f5798d3c5f3bf0c4fa58028e7ac42b234ba5301a3c6bd4f962b0998d257f74

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rime\build\terra_pinyin.table.bin
    Filesize

    1.3MB

    MD5

    2fdda223ddf3239b341efd9fd59e16ef

    SHA1

    798d84cc86341b3224ef25423ca7a7a65015c6eb

    SHA256

    9e0af68ed0486b2c3bd61575ad75aee62579454927efbe5c608a846d20e2809d

    SHA512

    aa6969ddacce9820743431444c35e2f1eb6e25bd2f7e113acb816b27c52a0c04ae850ca4c25067cea665e586673b1260d367824e24d1d47821c27974d64dd647

    Download Submit